Welcome to the Fed Cloud Blog (FCB). Each week we'll take a look at the issues surrounding cloud computing through the eyes of those who are using it everyday. We'll share with you the challenges, opportunities and lessons learned from some of the top minds in the world of federal IT.
November 20, 2009 - 3:59pm
What the cloud can do for you
Listen to the whole interview:
What’s the importance of the cloud, really?
Today, the Federal Cloud Blog gets insight from two experts who have vast experience in the federal market.
They work for Information Builders, a company that specializes in business intelligence and software solutions.
Bill Lochten is their Director of Federal Sales and Michael Corcoran is their Chief Marketing Officer.
The following are excerpts from the interview (of which you can hear in full by clicking on the link above) regarding cloud computing.
Bill Lochten: I think that the idea, right now, of being able to put your solution of application in the cloud and allow for another organization to take responsibility for the actual hardware and software and infrastructure is really appealing for a lot of our government customers. . . . We’ve had great success within our practice of being able to help some of our government customers provide and be a conduit for information throughout the federal government.
When we look at long standing customers of Information Builders, like the USDA National Finance Center, where they’re providing information that’s specific around financial data to individual government agencies, in effect, they’re providing a shared service capability to their internal client — their internal customers within the federal government.
I think the cloud computing takes that, certainly, further — and, also, I think, allows for interesting collaboration with other software providers, as well.
Michael Corcoran: I think it’s fair to say that, whether it’s people looking at an individual application that might be in a hosted model — I actually also see a growing requirement for maybe some complex systems that would need to pull information from a variety of sources that might be internal within that particular department or agency.
It might go across information from different agencies, or it might even require some segment of information that might come out of the cloud or come out of some type of service bureau information. There’s a wealth of data that might be required to make some kinds of decisions.
We’ve seen, in the areas of things like security or law enforcement, some system requirements that might require something as simple as weather patterns that might help a police officer or somebody make a better decision abou9t what kind of crime might occur today in a given area.
It’s a wealth of information coming from many, many different places. I think the cloud plays a role, both as a hosting platform for future applications and simplicity.
BL: We’re finding that, in both of our core solution areas — business intelligence and enterprise integration — that there are clearly defined requirements to be able to provide these kinds of services within the cloud computing environment.
We have definitely seen a very, very large investment in hosted applications — more in the Software-as-a-Service model, where it might be a single-tenant environment versus the true cloud of having multiple tenants use these applications.
We saw, certainly, the horizon growing for that for this requirement. And, certainly, you can make the case for lowering the cost of computing — for support, for infrastructure. I think it’s definitely an environment for the future where people are going to have expectations that very sophisticated applications and services can be easily accessible.
We’ve actually taken a lot of our core applications and placed them out in the cloud, starting with Amazon, to make sure that our technologies would run so that our customers could run their own production applications there. We’ve done that very successfully at this point.
MC: I think one of the things that’s helping us with our federal customers in particular in this whole conversation around the cloud and SaaS, {is that} we are platform and database agnostic.
So, for our government customers in particular, who find that hardware upgrades and revamping and refreshing the hardware and their platform and database choices, is not an unusual or rare occurrence.
They can feel comfortable with us being able to run their applications successfully, regardless of the database they choose or the platform they decide to run.
I think that gives them a level of comfort that they’re not going to be buying software that will be obsolete if they happen to make a decision to move away from one platform to another.
You can go home again: Moving into the cloud will centralize computing resources
Listen to the whole interview:
He’s written over 60 journal articles on many topics having to do with management, and is currently an Associate Professor of Management at Southeastern Louisiana University in Hammond, Louisiana.
And now, David C. Wyld is talking about cloud computing.
His new report, Moving to the Cloud: An Introduction to Cloud Computing in Government, details why you should be paying attention to what’s going on in the world of cloud computing, even if your enterprise isn’t ready to make the move yet.
Fed Cloud Blog began by asking Wyld about one of the lists contained in the report: steps government leaders can take, which includes doing a ‘cloud roll out strategy’.
“We’re basically at step one out of six steps in most of the federal government and across most state and local governments and international governments, which is what the report found. There are demonstration projects — there are pilot projects underway. The introduction of Apps.gov at the federal level is certainly a good step, but it’s step one of integrating cloud computing.”
Eventually, organizations and agencies are going to discover where cloud fits overall, which will become part of any organization’s overall IT strategy.
“The challenge at that point is managing the integration and also gaining buy-in from the rank and file, not just the IT staff, but from the rank and file workforce in terms of integrating this into how they get things done in the organization.”
After that, the cloud could affect anyone.
The report makes predictions, one of them being that the democratization of technology will impact the quality of individuals and their online lives.
“It’s not the second coming, but, let me talk about what is meant by the democratization of technology, and we see this today, in that computing resources are available to us all in terms of — if we’re a researcher and we need extra computing resources, we simply tap into Amazon’s cloud and add the capacity we need. We have information more available at our fingertips today than ever before in human history. There’s a very optimistic school of thought that I concur with that this is going to change the way we do things. You’re going to be able to see more innovation.”
From a private sector standpoint, this innovation will happen if proper resources and money are dedicated to IT technology. Wyld says the ‘add-as-you-go’ mentality will be essential.
“As part of developing a company strategy, you’re not going to be deciding how many resources you need, because I can simply add that or subtract that as conditions warrant. So, it really will lessen the cost of innovation, because you’re not having to dedicate as many investment dollars toward IT as you have in the past. Again, you’re not having to plan IT strategy based on your highest utilization — I have to have X number of servers to handle traffic on 10 peak days during the year. I can base it on average utilization and then just add capacity as needed.”
If anything, the message out of this report should be seen in a positive light, especially for IT executives. Wyld says this is because it will change the way computing is procured and used, which is part of the bigger trend toward computing being a massive utility.
“It is a real transformation away from having fixed, static computing resources to having computing that’s available as a utility and on-demand, [from which] we draw the resources we need — and pay for the resources we need.”
Overall, Wyld says this transformation is a real challenge to the last massive change that occurred in the early 1980’s, when Microsoft launched Windows and made the desktop the be-all, end-all of computing.
“It’s a real challenge to, you know, the Microsoft model, in terms of having a great deal of computing power on the desktop. Other writers have analyzed that, you know, in many ways we’re centralizing computing resources and there’s some danger in that certainly. But, at the same time, that centralization is enabling us, just as we use our smart phones for computing tasks, instead of using a laptop or a PC today, all this enables a much more mobile, much quicker public sector and private sector workforce.”
Ultimately, though they say you can’t go home again, Wyld notes that’s not exactly true.
“It’s almost a pre-Internet model, because you’re centralizing computing resources, but at the same time, if we think about that . . . IT will be less involved with handling upgrades because all the upgrades on software will be done centralized. What you see on your desktop or your laptop or your iPhone, will be that finished product. You don’t have to go through all the upgrade processes that are part of our lives today.”
Listen for more from Wyld later this week on the Daily Debrief on Federal News Radio.
FedScoop! to host Cloud Computing Shoot Out
Hear Goldy Kamali talk more about FedScoop! and the Shoot Out.
Have you heard that FedScoop! is hosting a Cloud Computing Shoot Out?
It’s coming up on Dec. 8 from 8 a.m. – 11 a.m. at the Newseum here in D.C.
Today, FCB talks with Goldy Kamali, founder and President of FedScoop! She tells us what it’s all about, who’s going to be there, and why you should attend.
“We decided to go ahead and do a series of events around the five pillars that federal CIO Vivek Kundra had outlined as priorities. We did our first event on October 14 at the Newseum and basically brought together executives in the White House and a lot of the federal CIO’s and CTO’s and decision-makers to talk about lowering the cost of government with technology.”
Since one of the topics was cloud computing, Kamali says a follow-up even was definetly in order; thus, the Shoot Out.
“There were so many interesting discussions that came as a result of that initial panel afterwards — and I noticed that there was so much controversy around cloud computing — who does what, who’s the leading provider, who’s FISMA compliant, who can be FISMA compliant. There were just so many question marks and so many rumors and unclear facts around cloud computing, that I had a meeting with Vivek Kundra and asked him — do you think it would be beneficial to clear the air on cloud computing?”
So . . . Kundra will be moderating the event — and Kamali says this will help everyone in the federal sphere.
“It’s basically — let’s all get on the same page and clear all of the question marks and really figure out who’s doing what, who has some best practices, who has some real-life experiences within the agencies that they can share and who really has the leading solutions.”
It’s important to hold the event — and more important for people to attend — because cloud computing is such a growing area in federal IT, Kamali explains.
But it’s also about money and the bottom line.
“[It is] a growing area within agency spending. In 2010, there’s going to be a significant jump in the budgets for implementing cloud solutions in agencies and, I think, by 2011, the dollar amount that’s being spent right now is going to double. . . . So, there’s a lot of opportunity.”
To attend, register here. It’s free if you’re a government employee — but hurry, because Kamali says spots are filling up quickly.
To listen to our entire interview with Kamali, click on the audio link at the top of the page.
To successfully travel into the cloud, throw out that legacy mindset
Listen to the entire interview with Reuven Cohen.
On this Friday, Fed Cloud Blog talks with Reuven Cohen, founder & Chief Technologist for Toronto-based Enomaly, Inc.
Not only does he work in and blog regularly about the cloud, he helped the U.S. federal government to define its strategy for cloud computing — and collaborates with other governments, as well.
FCB asked him about the meaning of the term ‘cloud computing’ to start off our interview, mainly because we’ve found that different people think of the cloud in different ways.
Reuven Cohen: There’s two basic terms when looking at cloud computing. First of all, there’s the aspect of the cloud, which is a metaphor for the internet. Then there’s cloud computing, which, again, is also a metaphor, but it’s more of an analogy in that sense. It’s Internet-centric computing. It represents a shift from sort of the traditional desktop-centric approach to computing, to one that’s a little bit more network- or Internet-centric. So, it’s the Internet as an operational environment.
Fed Cloud Blog: What are some of the advantages of operating on the Web versus having everyone load software on their PC?
RC: One of the big benefits is in terms of capital expenditure. When you’re using someone else’s infrastructure — one that’s remote rather than your own — there’s no big, up front costs. You sort of move from a cap-ex to an op-ex — an operational expense — which is a little easier to manage and much, much more flexible. So, rather than buying a server that may sit under-utilized, you utilize the capacity if and when you need it. It’s a more flexible approach to the aspects of computing.
FCB: Since we are the ‘federal Cloud Blog’, we deal with a lot of federal agencies and federal employees. The biggest concerns we’ve found while doing interviews with people in the federal sphere is that they recognize that there’s cost savings that could be realized through moving to the cloud . . . but everybody also brings up the [issue of security].
RC: The aspects of movement to the cloud is already happening. From the government’s point of view, the Internet has become a crucial conduit for communications, regardless of whether you want to admit that or not. So, by saying cloud computing isn’t going to happen or isn’t happening is just basically sticking your head in the sand.
[W]hat’s good about the current administration is they’re embracing the idea of the Internet as being sort of that evolution of computing — and saying it isn’t perfect. It certainly far from being perfect, but it certainly does solve a lot of problems in terms of broad communications and collaboration.
I think the answer is that it’s not a one-size-fits-all solution. There are certainly areas that are better suited to cloud computing — the kind of low-hanging fruit — and there’s other areas where it it may not be as good a solution. So, it’s picking and choosing the areas that make sense while keeping an open mind.
FCB: [How can one] convince either a supervisor or agency head — “Hey, Software-as-a-Service is great! Or, we should maybe look at Infrastructure-as-a-Service!” Any advice in that area?
RC: Here’s the dilemma that you face — and this is as big an issue with an enterprise as it is in a large organization like the government in terms of the adoption of cloud computing. You’ve got these two basic groups.
In a business context, you’ve got a business group — and they’re seeing the cloud as a way that they can go out and do something quickly and easily without a lot of friction. You know, I can go to Salesforce or Amazon or Google, get my application deployed, built and sent out with relative ease.
On the other side of the spectrum, you’ve got the IT groups that are saying — “Hey now, I want that level of control that we’ve always had,” from the point of view of security and auditability and compliance and all those sorts of things.
So, you get this kind of tug-of-war between these two groups within these organizations: the ones that want control and to maintain the status quo and the other groups that want to do something quick and easy. The two don’t typically go hand-in-hand.
What needs to happen is there needs to be this opportunity to sort of bridge the issue. So the pitch, in a sense, is the efficiencies that allow you to go out and use things that are relatively easy to access from a cloud point of view — I can go get an application that’s built, ready to go without a whole lot of friction — or, from the point of view of compute capacity — I now have the ability to go to an Infrastructure-as-a-Service provider and get access to a thousand servers per hour to get a job done that otherwise I probably would have never been able to do before.
So, it’s the idea of opportunity. It’s the idea of doing something that was never possible before. With that instant access to capacity or services, you know, [it] opens up a whole new variety of opportunities that were never possible.
FCB: Any advice on changing that mindset and helping IT managers to feel better about cloud computing, if they have a problem with it?
RC: The idea of control is one that assumes you’re not going to ignore that the shift is happening. So, if you embrace it, you have the ability to help define it. That’s important. By saying — cloud computing just doesn’t work for us — means you’re ignoring the fact that it’s probably going to happen anyway.
So, by saying it is happening, and there is the opportunity to do things with this type of technology, you can put the procedures in place that help shift how this technology is going to be adopted, rather than just saying — it’s not going to work for us.
I think the opportunities, from an IT group, is to embrace the concept and put those strategies in place to say, if a user’s going to use this type of technology, here’s how we recommend you do it. This is mostly around the idea of best practices, procedures, and — possibly — standards that are in place that help in that regard, rather than just ignoring the fact.
FCB: Different agencies are in different places when it comes to moving into the cloud. . . . What advice do you have for federal agencies that are looking at the cloud but are still unsure?
RC: One of the things I would suggest is not to look at it from a legacy point of view. It isn’t a matter of taking what we’ve done in the past and shoe-horning it into the cloud. That doesn’t make any sense.
The opportunities are things that you haven’t been able to do in the past. It’s looking forward. It’s the things that the cloud enables us to do. The things that we could never do before. It’s those opportunities that you should be looking at — not saying, “Well here’s how we’ve always done it and that doesn’t work in the cloud”. That’s the wrong way to look at it.
I think that you should look at it [like] the glass is half full. It’s the bigger opportunities to do things that were not possible.
Read Reuven’s blog and follow him on Twitter: @ruv. We do!
A look at cloud computing and Section 508 compliance
Listen to the entire interview with Bruce Bailey.
Bruce Bailey is an Accessibility Specialist with the United States Access Board.
Today, he talks with FCB about Section 508 compliance — and how cloud computing might help agencies and businesses when it comes to meeting government standards for those with disabilities.
He says part of the problem is that the current provisions were written in 2001 — when the Internet was a different animal.
“The current provisions are very product-centric. Nowadays, so much technology just doesn’t fit into those nice, neat categories that are in the standards. Cloud computing kind of leads in that way in that — the Web provisions that we have are from 2001 and are really quite limiting in terms of trying to assess accessibility of a modern Web application.”
He says, however, that the Web is probably one of the more adaptable portions of IT when it comes to making information available to those with disabilities.
“Web sites are really one of the areas that’s pretty well-defined and there’s been a lot of work done. The W3C, the WAI — at this time last year — came out with the Web Content Accessibility Guidelines 2.0 — and ten years’ worth of work went into that document. So, in terms of knowing what’s accessible when it comes to the Web, we really actually have a pretty good handle on that.”
This means that there isn’t a lot of grey area when it comes to moving an application from a desktop to, say, the cloud.
Bailey says this is a positive change, but there’s also a lot of unknowns when it comes to agencies and businesses moving into the cloud.
“Right now, we’re transitioning from a platform that people know works, to something that people don’t have experience with. . . . So, it’s a reason to be anxious. I think there’s a lot of potential with cloud computing, but the potential is not realized yet.”
As far as moving into the cloud at the United States Access Board, Bailey told FCB that, because they’re a fairly small organization (29 people total), they’re looking at cloud products, but don’t have any plans to move themselves in the near future.
To learn more about Section 508, compliance and the U.S. Access Board, click on the audio link above.
Continuing to try and define what ‘cloud computing’ means
Today, we take a look at cloud computing in the federal sphere with industry insider John Gilroy of SolutionsDevelopers.
Fed Cloud Blog: In doing research, we have found that different people define ‘cloud computing’ in different ways. What do you think ‘cloud computing’ means? (We know NIST has an official definition — do you think this works for every agency/enterprise?)
John Gilroy: My definition of cloud computing is an enterprise using web service access outside the firewall. However, given the fact that the English language is so flexible, I will reluctantly concede that using a web service inside the firewall may come under the umbrella definition of “cloud computing.” Some will argue that merely using a virtual server qualifies as using the “cloud.” Sorry, can’t push the definition to that extent.
FCB: Do you have personal experience using shared services? Briefly explain.
JG: Personal – just a Gmail account. My company offers managed services using a data center.
FCB: If you use shared services, why did you start/what was your motivation?
JG: Personal – just a Gmail account. My company offers managed services using a data center.
FCB: If you work in the cloud, tell us about that. If you don’t work in the cloud, do you plan to?
JG: Personal – just a Gmail account. My company offers managed services using a data center.
FCB: What are some of the benefits of working in the cloud? Pitfalls?
JG: The main benefits are replacement, selection, and recovery of web services. Replacement means that, as an organization’s requirements change, they can change the services they use. Perhaps a new vendor pops on the market with a superior product; maybe usage at one level cannot justify a specific vendor. When activity grows, this new vendor’s price can be justified. Selection indicates that when the system is designed, it can take a “full picture” look at the system and choose a service that is best for that moment. Perhaps it is not the least expensive, but it may provide better interoperability than other solutions. Recovery is always important when systems fail. Discrete web services are easier to “plug and play” than classic client/server systems.
The obvious weakness is jumping on the cloud bandwagon because your think it is stylish. Cloud computing will be nothing but headaches unless your basic architecture is squared away. Next, if you can’t make a long term financial justification for a cloud initiative, then stick the proven methods.
FCB: You have a lot of experience talking with both industry and government. What is the biggest difference when it comes to implementing cloud computing in an office/enterprise between public and private sector? Is it true that the federal government (according to stereotypes) is behind the curve?
JG: It always amazes me how federal IT professionals denigrate their systems capability. Take a look outside the government to compare. For example, last year Forrester did a study and found only 5% of enterprises used internal clouds. Furthermore, upon detailed analysis, researchers thought this figure was exaggerated. (Source: NetWorkWorld; October 19, 2009)
Moving to the cloud is not easy for public or private organizations. Everyone must make the business case for moving to a web service in the cloud. Only after careful analysis should plans be made whether or not to alter the current IT system.
FCB: I have heard about a number of security concerns regarding federal agencies and cloud computing, but are there other obstacles, as well? In culture? Laws?
JG: In my world people who refuse to even consider web services are called “server huggers.” Much like their cousins, the “tree huggers,” they may hold positions based on emotion and not logic. All we are asking for is a considered review of current applications and an evaluation of whether or not the cloud will be of value. A web service is not necessarily a candidate for replacing every application. However, the flexibility inherent in web services provides enough value to at least consider deployment.
Today, financial constraints are forcing us to examine every aspect of the information technology matrix. We no longer have the luxury to retain one way of doing a task merely by saying, “Well, this is the way we have always done it.”
FCB: In your experience, have you seen those who adopt cloud computing take baby steps — or jump right in.
JG: From my perspective a baby step into cloud computing is to select a small manageable domain and select half dozen applications as candidates for the cloud. Then, a systematic inspection of your enterprise architecture to determine the impact of using web services. The next baby step would be to test the application and evaluate. Rinse and repeat until you are happy with a small transition.
The technical considerations are easy compared to making a business case for moving to a service. The road to futility is paved with short term savings that wind up costing fortune in the long run.
John Gilroy is also the host of Federal Tech Talk on Federal News Radio 1500 AM.
Also on Federal News Radio — the Federal Executive Forum examines cloud computing this month. Check it out!
This week in cloud news
Today, FCB brings you a weekly roundup of cloud news.
In case you missed it, the Daily Debrief talked with Phase2 International about the fact that the company recently joined Apps.gov and is now offering a variety of services to federal agencies.
In other news, Microsoft recently released a paper highlighting some security concerns users should be aware of as they migrate into the cloud.
Privacy in the Cloud Computing Era: A Microsoft Perspective discusses privacy issues and, of course, what the company itself can offer.
It is an interesting read and raises some good points, but not everyone is convinced the company’s approach is a strong one. For more on that, an article by CNET’s Dave Rosenberg.
Also, another perspective on cloud from John Fontana of Computerworld, which explores many of the questions being asked by those who want to know more before jumping on the bandwagon.
Come back next week, when we talk to an industry expert and get his perspective on cloud computing. We’ll also learn how cloud might help with Section 508 compliance.
Deputy CIO Wennergren outlines why DoD is migrating to the cloud
Hear DoD Deputy CIO Dave Wennergren at ELC.
“Did you hear cloud computing is all the rage?”
That is a recent — and direct — quote from DoD Deputy CIO Dave Wennergren, who just talked to FederalNewsRadio about a new open source memo.
But that’s not all DoD is doing.
Wennergren recently talked about what his agency is doing in terms of the cloud at the Executive Leadership Conference.
He began his remarks by likening the cloud to a double-edged sword.
“I have this theory that, if you can ride the wave of change about enthusiasm for something that’s in the public psyche, then it makes it a lot easier to do change within your organization. If there’s a demand signal on the part of your constituencies — your clients [and] customers, then it becomes a lot easier to tell them that [in order] to get that, they’re going to have to do something different.”
Throughout history, he said, it’s been the same. Not everyone wanted to use a personal computer when they first rolled out; nor did everyone trust the Internet at first; however, forward-thinking organizations demonstrated how to use this new technology in a beneficial manner, and thus got clients on board.
“You have that going on right now with cloud computing — which is the good side. The tough side is that, when you have so much hype . . . then you have that, as Gartner would say, the great risk of the trough of disillusionment. So, trying to do expectation management about — what does cloud computing mean to you and how would you leverage it and what would you leverage for? It’s not going to be the same for everybody.”
Though it is different for every organization and agency, Wennergren highlighted what DoD is currently doing in order to give everyone at ELC a better idea of how the cloud might work.
“So we have this vision in the Department of Defense that you’re going to be able to get on any computing device, slap your card in and find the people and information that you need to get your job done. That’s a different world than the one we live in today, but there is a whole bunch of activity that’s going on to break down those barriers.”
Currently, these activities range from leveraging Web services and move to a more service oriented approach to doing business to eliminating stovepipes to utlizing Web 2.0 tools.
“In DoD speak, we’ve been talking about net-centric for a long time, which is what this is all about. This movement to the cloud is a culmination of a data-focused approach, a service oriented approach and the ability to have your infrastructure ubiquitously available along with the services.”
Overall, Wennergren said DoD’s goal is having a massive ability to collaborate in a secure environment.
“If you do it right, you could actually do this better in a world that involves the cloud.”
What’s in a whitepaper? A lot, it turns out!
Cloud computing is gaining popularity in the lexicon of many in the IT world, but many have yet to fully move into the cloud.
The reasons vary, especially when it comes to federal agencies. Some are concerned with cost, while others are wary about security.
A number of whitepapers have recently been released regarding federal cloud computing and IT infrastructure. We examine them all and pull out the essential information just for you.
Less Is More
The Federal Enterprise Architecture (FEA) is certainly not new to anyone in the IT sphere, but different challenges arise each fiscal year because agencies are being asked to do more with less.
That is, IT managers are supposed to work to reduce the duplication of services while sharing information across government without letting costs go up.
Whew. I’m tired already.
In a recent whitepaper, Enhancing the Efficiency of Your IT Infrastructure, William Clark, CTO at CA, outlines how some agencies have already started doing this.
“Government agencies have already taken steps to reduce IT costs. Many agencies have begun deploying shared services and service centers to support human resources, payroll, financial services and more. They are consolidating data centers to reduce their numbers and associated costs. Agencies are even reducing the numbers of Internet connections to simplify security.”
In addition, Clark says most IT organizations today spend over 70 percent of their resources on maintaining existing systems.
Therefore, if an agency or organization can figure out how to use existing resources more efficiently, it can free up dollars for new projects.
This is where e-Gov comes in.
In another whitepaper, Make Your IT Organization More Effective, Clark says:
As a result of E-Gov government to government initiatives, many government agencies have begun to buy managed services such as human resources, financial management, payroll,
and so on from other agencies instead of executing them within their own operations.
In this paper, Clark outlines another reason consolidation and automation might be beneficial.
Youth.
He asserts that younger workers are often more ambitious and therefore won’t be content performing mundane maintenance tasks on legacy systems.
Automated IT management systems improve IT resource utilization and can help reduce your hiring requirements. Installing automated solutions also makes recruitment easier. By utilizing the latest management applications, you can create better jobs and support opportunities for staff, allowing them to play more strategic roles. In this way, automation can improve both
knowledge retention and recruiting efforts.
Thus, through careful examination, cloud computing could help an organization or agency do more with less.
Back in the Day
Cloud computing is by no means a new-fangled idea. (According to Wikipedia, The Cloud borrows from telephony, if you can believe it.)
But it is currently being used in newer, more expanded ways. As we said earlier, more people, organizations and agencies are operating within it, which means it’s becoming more popular.
In addition, the concept of virtualization has changed.
A recent whitepaper from IBM, Seeding the Clouds: Key Infrastructure Elements for Cloud Computing, outlines the metamorphoses.
In the 1990s, the concept of virtualization was expanded beyond virtual servers to higher levels of abstraction—first the virtual platform, including storage and network resources, and subsequently the virtual application, which has no specific underlying infrastructure. Utility computing offered clusters as virtual platforms for computing with a metered business model. More recently software as a service (SaaS) has raised the level of virtualization to the application, with a business model of charging not by the resources consumed but by the value of the application to subscribers.
As technologies like virtualization continue to grow, cloud computing will probably become more widely used.
Enter the Cloud
In his whitepaper, The Perfect Storm for Enterprise-Class Clouds, Dr. Michael Salsburg, Distinguished Engineer at Unisys, examines what he calls the ‘perfect storm’ that has created the ideal atmosphere for cloud computing.
One of the main features – and many would say benefits – of cloud computing concerns the flexibility of services offered.
Indeed, the “killer apps” for cloud computing have been Software as a Service (SaaS) applications. The expectation is that, without installing a “fat” application, the user can access the service immediately through any device that supports a ubiquitous web browser. So, simply stated, the cloud is basically a processing plant for services that can be consumed worldwide by other software or end users.
Because there is no way to predict who will need certain services or when certain services will be needed, real-time infrastructures (RTI’s) developed. RTI’s led to the creation of real-time enterprises (RTE’s), which can respond in real time to a sudden change in business conditions.
The capabilities that are necessary to provide an RTI are relatively new and have caused this “perfect storm” of technological development in the last ten years so that clouds could appear. Whether the development of RTIs caused the formation of clouds – or the other way around – is a debate for another day. But there is no doubt that the “perfect storm” includes the emergence of some key technologies: server virtualization, extreme automation and service-oriented architectures.
The last element – service-oriented architecture – is perhaps most important to the enhancement of cloud computing.
The key is that the infrastructure is architected to deliver and manage services, which is at the heart of software as a service. Because the infrastructure’s elasticity is driven by the need to provide quality of service, services need to be identified, monitored and governed. Emerging technologies are starting to appear that manage the “product” being delivered by clouds – services.
And, again, we are back to efficiency. The business model of a cloud allows for the more efficient use of existing resources.
IBM’s whitepaper says this helps IT organizations to repurpose resources that might be going unused or have been forgotten.
Clouds provide request-driven, dynamic allocation of computing resources for a mix of workloads on a massively scalable, heterogeneous and virtualized infrastructure. The value of a fully automated provisioning process that is security compliant and automatically customized to user’s needs results in:
- Significantly reduced time to introduce technologies and innovations;
- Cost savings in labor for designing, procuring and building hardware and software platforms;
- Cost savings by avoiding human error in the configuration of security, networks and the software provisioning process;
- Cost elimination through greater use and reuse of existing resources, resulting in better efficiency.
Show Me the Money
This brings us to the budget at your agency.
According to a recent whitepaper by Ted Alford and Gwen Morton of Booz Allen Hamilton, The Economics of Cloud Computing, the President’s budget for FY10 includes $75.8 billion in IT spending.
While this might sound like a lot, and is a 7 percent increase from FY09, the times are a-changin’.
The FY11 IT budget is projected to be almost $88 billion – and it’s clear that the government can’t sustain such a spending trajectory.
There are three groups, according to the whitepaper, that encompass what’s going on in the federal government right now: public cloud adopters, hybrid cloud adopters, and private cloud adopters.
Each group is moving at its own pace for a variety of reasons, but the paper suggests that the costs of moving to the cloud ideally should be wrapped in with an agency’s data center budget.
Data centers capture the most significant portion of the costs associated with moving IT infrastructure to the cloud. However, agencies publicly report only their “consolidated” IT infrastructure expenditures, which include end-user support systems (eg: desktops, laptops) and telecommunications. Additional spending on application-specific IT infrastructure is typically rolled up into individual IT investments.
Throughout the paper, the authors explain how they developed their own data profile that they feel best represents actual agency IT spending.
Their conclusion is that, while some agencies such as the Defense Information Systems Agency (DISA) are already well on their way to implementing cloud computing, many agencies will have to wait one to two years because of the way budgets are developed and implemented.
The timeframe for reprogramming IT funding to support cloud migrations is likely to be at least 1 – 2 years, given that agencies formulate budgets 18 months before receiving appropriations. Specifically, IT investment requests are developed each spring and submitted to OMB in September, along with an agency’s program budget request, for the following government fiscal year (GFY). OMB reviews agency submissions in the fall and can implement funding changes via passback decisions (generally in late November) before submitting the President’s budget to Congress in February. Theoretically, the earliest opportunity for OMB to push agencies to revise their IT budgets to support a transition to the cloud will be fall 2009; however, agencies typically only have about 1 month to incorporate changes to their IT portfolios during passback. To give GSA and OMB time to develop more detained guidance, as well as necessary procurement mechanisms and vehicles, it is more likely that OMB will direct or encourage agencies to plan for cloud migrations during the FY 12 budget cycle (starting in the spring of 2010).
In short, it won’t simply be up to agency IT managers to push for cloud computing.
Certain agencies within the federal government, such as OMB, GSA and NIST will have to continue to monitor the situation and give IT managers clear guidance concerning all aspects of migration to the cloud.
Which cloud model will Interior’s National Business Center use?
Listen to the second half of FCB’s interview with Doug Bourgeois
As promised, today we bring you the second half of our interview with Doug Bourgeois, Director of the Interior Department’s National Business Center.
Federal Cloud Blog: So, DISA has their cloud computing model that’s a private cloud, are you looking at the same thing? Is it going to be an Interior Department/NBC only cloud that’s government only, or are you looking at a hybrid model?
Doug Bourgeois, Director, National Business Council, Interior Dept.
Doug Bourgeois: There are multiple cloud models out there. We believe we’ll be participating in more than one model at a time. Right now, our focus is a federal private cloud. I see the day, not too far in the distance where the shared service centers kind of connect their clouds together and end up in a community cloud for shared services. And I definitely see — and it may happen before the community cloud — I see a hybrid cloud evolving. We’re having discussions with a lot of cloud service providers out there who are interested in potential partnership arrangements, and so we’re just trying to determine what would be the model that our clients would best benefit from. That’s still an analysis underway at this point.
FCB: We know you can’t mention specific discussions with providers, but when you talk about a hybrid cloud, we’re talking about maybe a private cloud in a public cloud where it’s partitioned off and secured?
DB: That’s exactly right. There are some elements of our cloud services that we have a inter-connection, if you will, with a public cloud provider for information or services that might be completely public information — and then keep running in our private cloud the PII kind of information and things like that that shared services has to pay extra attention to and meet different security requirements with.
FCB: When you look a year or two — or even five years out — where do you see your cloud? Do you see it as specific around shared services or something broader?
DB: I see our services being a little broader than shared services because of two primary areas.
First is because the value that our clients derive from our shared services today is through the business applications that they use in our shared services center. So, our primary focus has been software-as-a-service enabling those business applications. So, two or three years from now, we’ll have many, many business applications software-as-a-service enabled in the cloud in areas like HR, financial management and procurement applications and things of that nature.
The second area is quite a bit broader because we are a shared service center that manages Privacy Act information and personally identifiable information, we focus on the security levels that are appropriate to that type of information. So, we see a niche in the infrastructure-as-a-service area for anybody’s mission application — any other agency’s mission application — doing whatever it needs to do that has a FIPS 199 moderate security requirement associated with it. It’s not high security, but it’s not public information either. It’s in between at the moderate level. We see any application that has that security requirement fitting very, very well in our infrastructure service.
FCB: Obviously, this is going to be a fee-for-service — you guys are a fee-for-service organization — have you worked out yet what that cost would be? Have you started down that path?
DB: We definitely have. We’re still doing analysis because the services are being deployed in a phased, incremental fashion. For example, on our infrastructure-as-a-service development test environment that is in testing now, we’ve done some very through analyses of the pricing model in comparison to some public offerings that are similar.
Now, our services aren’t exactly the same as the public offerings, either. As I pointed out, there’s a bit higher level of security [with our applications]. We do manage the infrastructure still, so there’s a managed services element associated with it. But our pricing, we believe, is appropriate for the additional services that we have to offer in comparison. So, we’re seeing a potential price differential somewhere between 10 to 20 percent from our services to what’s available now in a public cloud.
Interior's National Business Center hopes to start offering IaaS soon
As we’ve been telling you, the Federal Cloud Blog got to go to this year’s Executive Leadership Conference in Williamsburg, Va.
While there, we caught up with Doug Bourgeois, Director of the Interior Department’s National Business Center.
Today, we bring you a bit of that interview.
Listen to the first half of FCB’s interview with Doug Bourgeois
Federal Cloud Blog: The National Business Center is taking a serious look at cloud computing. Talk about where you see how cloud computing can really affect or improve the way you deliver services to other federal agencies.
Doug Bourgeois, Director, National Business Council, Interior Dept.
Doug Bourgeois: Cloud computing has several benefits, from a consumer of cloud services perspective.
One that is drawing a lot of interest in terms of the potential clients that we’re talking to now is the considerable improvement in service levels. In other words, it takes a matter of minutes to provision a new virtual server in a cloud environment. So, if you want to start a development project or get something underway, you don’t have to wait for the procurement process to go and carry its due course and have the technical folks install new equipment and so on and so forth. It really is — it’s an over-used word — but it really a paradigm shift in the way IT services are delivered.
Then the second benefit is, instead of having to purchase capital equipment, it just becomes a much less expensive expense item. You can also turn it off when you no longer need it, so you don’t have that poor investment.
FCB: When do you foresee getting a pilot going or getting into the early stages of cloud computing around shared services? Are you already there or is it a few more months out ?
DB: We’re very, very close. We are running some internal systems in the cloud now. For example, our Lotus notes application has been running in the cloud for several months. That’s part of our process for becoming familiar with the technology and how to operate it and optimize it. Our plan will have a soft launch for infrastructure-as-a-service development test environment in the month of November. [We'd like] earlier rather than later, but we’ll see. The testing is looking really, really good right now. [It] will be completed in the next week or so and then we’ll see where it goes from there. So, we’re expecting to have something ready pretty soon.
FCB: This would be for financial management, human resources — your customers that you provide the shared services for? Or would this be more internal to NBC as they develop new applications for your customers?
DB: The initial launch actually is a true infrastructure-as-a-services offering, which means it’s really intended for anybody who needs an environment to work in. So, for example, [if] somebody wants to do a software development project with our infrastructure service, we’ll be able to come in and provision a combination of CPU resources and memory and storage and so on and so forth and be able to load up their software development tool into that environment and start writing code. So, you can get started writing your software in the cloud with this service.
FCB: To be clear, this is software development for anything you want? It doesn’t have to be around the shared services that you guys provide. It could be an application that is very specific to one agency?
DB: That’s exactly right. In the shared services sense, when you get more to the business application, which are getting to the software-as-a-service type of an offering, but in order to have software-as-a-service enabled — it all sits on an infrastructure-as-a-service foundation. So we’re kind of incrementally getting to the software-as-a-service part and the first part is infrastructure-as-a-service, which is going live in the month of November. We’re real pleased about that.
FCB: Where do you see some of your biggest challenges and roadblocks that you’re going to have to overcome to not only get this up, because you’re pretty close, but to get people to use it [and] get people to really trust it?
DB: I think that’s what we’ve been very focused on. We identify it as the barriers to adoption. On the one hand, we believe that there is so much potential benefit that there’s going to be very high demand. This is really a new computing model that is going to take off. So, we’re looking at it from the vantage point and saying — what would cause people to be initially concerned that we’ll have to overcome? Security is a big one. [That is] generally the number one issue. There’s a whole different set of security issues that people are concerned about. Then, I think a second [concern] is, people don’t necessarily know what they can do with it. There’s a lot of confusion about cloud offerings.
Come back tomorrow when we’ll have more with Doug Bourgeois!
Short ‘n Sweet: A post on CGI’s latest white paper
“Seek service, not just servers”.
That’s the subtitle of the latest white paper from CGI, Practical Cloud Infrastructure for Federal Executives (pdf).
Since it’s linked (or ‘hypered’, as I like to say), I won’t break the whole paper down for you.
What I found interesting, however, in the introductory paragraph is the notion that cloud computing is “not an either-or proposition”.
The intro continues:
Cloud techniques can be applied outside an agency by a company offering excess capacity on its infrastructure, or by another agency that procures capacity on the government’s behalf. They can be applied by a company that hosts software applications and provides them as a service, or by an agency doing so as a shared-service provider for others. Alternatively, one or more agencies could decide to offer such services agencywide or across agencies as a private cloud provider.
In creating a business case, agencies must keep in mind that cloud computing is not a one-size-fits-all solution, especially to the many unique, sensitive, and enterprise level computing challenges federal agencies face.
The notion that IT managers — whether federal or not — have to think outside the box is nothing new, but the idea does seem to be growing more popular.
GSA CIO Casey Coleman reflected this last week when she talked about cloud computing and how her agency is moving ‘up’.
“The traditional model is that you have to run your own systems in your own data center or computer room, patch them, secure them, and upgrade them, make sure that there are not conflicts between different systems and be responsible for all that yourself. Cloud computing moves all of that into the cloud so you can focus configuring the applications and solutions in a way that delivers value quickly.”
CGI is currently working with GSA and other federal agencies on moving to the cloud, and Ralph Tufano, director managing technology services for CGI Federal and author of the paper, does an excellent job of outlining why agencies are moving to the cloud — and how it all began.
In his conclusion, he outlines criteria that he thinks agencies should use when looking for a cloud service provider:
- The degree of visibility they offer into application and infrastructure services
- The extent of governance they apply in managing cloud components
- Their ability to offer service levels — for availability and response time — that apply
to both infrastructure and applications - Whether their pricing truly refl ects all costs of cloud computing
- Their ability to guarantee security for hosted applications
- The degree to which they can synthesize and manage multiple components and
service providers
Also — a note.
I have been told by Dorobek Insider author Chris Dorobek that he’s working on gathering links for a ‘cloud reader’. He had promised it to me yesterday, but then confessed that the project has gotten bigger than he anticipated.
I promise to bring you that list as soon as it is available!
FCB goes to the Executive Leadership Conference
The Executive Leadership Conference took place in Williamsburg, Va., over the past couple of days — and Fed Cloud Blog was there.
Federal CIO Vivek Kundra was there — and talked about a number of topics, including the fact that the federal government has seemed to have accumulated a large number of data centers over the years.
(Read more from WFED’s Jason Miller here.)
FCB cares because Kundra said that one of the long-term solutions for this problem involves cloud computing.
“We need to be able to dynamically allocate resources as we serve the American people through various applications.”
So, is there a cloud computing Line of Business in the future? Kundra said, not really, but the federal government did release a cloud computing strategy, which was released back with Apps.gov in September.
Overall, it seems that the federal government is, for now, taking small steps when it comes to moving into the cloud.
FCB will bring you more info from ELC as it comes back into the newsroom all this week.
Check out more of Federal News Radio’s Executive Leadership Conference coverage
In Search Of…. Silver linings or stormy road ahead?
With all this talk and attention about cloud computing, the FedCloudBlog went in search of…
No we weren't trying to get in touch with our inner-Leonard Nimoy. Rather, we went looking at FedBizOpps.gov to see how many agencies are putting out solicitations that call for cloud computing or some variant.
We didn't find many examples-about seven total when we searched for "cloud computing."
The first one we came across was a $7.3 million contract awarded to UChicago Argonne, LLC under the Recovery Act from the Energy Department's Argonne National Laboratory.
According to the notice on FedBizOpps.gov, Energy wants UChicago to enhance Phase I of a "computing cluster testbed with additional storage and networking infrastructure and to expand research on the effectiveness of cloud computing for Office of Science applications to include multi-site issues."
Sounds to us like they want UChicago to see how cloud computing may work in their environment. But then again, one of the issues with FedBizOpps.gov is they don't always post all the information one may need to understand the real implications of the contract.
So we went back to the drawing board to see what else we could dig out of that problematic FedBizOpps.gov site. If you want to know something that should be taken to the cloud, it's this clunky site. But that is another discussion for another time.
We searched SaaS (software-as-a-service-just in case you needed that) and we found an interesting request for information from the Defense Department office of public affairs for internal communications.
DoD wants to buy customer relationship management through a SaaS arrangement.
"The contractor shall provide a SaaS CRM service that must integrate with the Defense Media Activity's content management system, yearly subscription license for enterprise, portal sessions licenses, government hosting and support," according to the notice.
FedCloudBlog sees this solicitation as the perfect example of what agencies will look at the cloud for in the short term-moving low or no risk systems to the public cloud. We know that is what the Office of Management and Budget stated as its goal with its initial foray, Apps.gov.
And speaking of Apps.gov, which we understand quite of bit of you out there have been discussing, Apps.gov is creating a lot of heartache even though it's barely a month old. But that conversation deserves its own treatment and we are not in the mood right now to take that on.
We digress….FedCloudBlog wonders out loud whether this lack of activity-even pilot programs-and the slowness of the General Services Administration to make awards for infrastructure-as-a-service or even release the SaaS RFQ will keep agencies from jumping on OMB's cloud bandwagon.
Or as Leonard Nimoy may have said, will these initial steps be enough so the cloud live long and prosper?
Transportation's wheels on the cloud go round and round
The Department of Transportation found itself at a technological crossroads: maintain the status quo or move to the cloud. The decision, says DOT's Chief Technology Officer Tim Schmidt, wasn't hard. Hosting, in general, "was not something that was a real core competency for us."
So, Schmidt tells FCB, pieces fell into place, it was an opportune time, and after looking at the current labor structure and how the Department was using other contractors, it was off to the cloud.
Privacy and security issues were considered before starting, but just after a few weeks "now we're already starting to look at security and privacy and the infrastucture security - (and wondering) 'should we put more out there?'"
In those few weeks, Schmidt says the pay off of the move has included:
- predictability
- consistency of operations
- high availablility
- good user satisfaction
Plus, "the company's treating us well."
Schmidt tells FCB they're working with "a couple of other candidates" and they've stood up a "sandbox," unavailable to the public, to look at it, kick the tires, and "let people hit up against it." The idea, says Schmidt, it to take it slowly and deliberately.
Schmidt says the key to success with the move will be to keep the process agile "so as we learn more about it, we'll adjust as necessary."
Bursting the hype-bubble of cloud computing
Kevin Paschuck is Vice President for the Public Sector at Right Now Technologies and helps federal agencies move into the cloud. He was recently interviewed on the Daily Debrief about "Effectively using cloud computing at your federal agency". During the course of the interview, host Chris Dorobek asked about the hype, and hopes, of cloud computing.
Chris Dorobek: I think there's a lot of... almost fear that some of this becomes almost a hype-bubble out there. And from what I can tell, most people are saying this isn't the silver bullet. ...You need to think about where you would use cloud computing resources. It's not going to replace everything that all agencies are doing, right?
Kevin Paschuck: I would agree Chris. It's not going to replace everything. For example, in DoD, you're not going to replace a weapons system with cloud computing.
But what you could do... If I summarize the three benefits of cloud computing: the reduced cost, the modular implementation and this virtual CIO, under that virtual CIO umbrella, one of the benefits I see is it's going to allow your IT department to focus on innovation, rather than traditionally implementing the software and maintaining it.
So you're going to be able to free up resources where they would be traditionally pressed against the contact center requirements, or other requirements you could manage in the cloud like mail, you could take those and shift them over and really focus on some of the more mission-critical systems like a defense system in the military.
CIO of the Office of Naval Research is in the cloud
Federal Cloud Blog recently ask Brian Reily, chief information officer at the Office of Naval Research, to answer our questionnaire. Here’s what he has to say.
Federal Cloud Blog: Does your agency/organization used shared services in IT? If so please describe.
Brian Reily: Yes we do use shared services. We are currently moving our business applications to Oracle on Demand. We also use the services offered by the Navy Marine Corps Internet and those offered by DISA. Our oracle on demand effort will save us $2M over 5 years and increase our Information Assurance posture.
We are also demonstrating a mobile computing device that will replace your blackberry, personal cell, VOIP phone and your desk/laptop computer. That is we are replacing all your computer with a single device that primarily is an access to the web where we host al the applications. The savings will be large and the security will significantly increase.
FCB: If you do use shared services, what was your motivation? Have the results been what you expected? What has not gone as well as you’d expected.
BR: We are in the initial stages of te Oracle on Demand shared service. We have established the NIPR net circuit which has taken some time. We are currently going through the certification process and should go live with our first application in October.
FCB: Now let’s talk about cloud computing. We’ll define it as having a third party host your applications and storage, accessible via the internet in a business model in which you pay. Are you investigating, piloting, using, or not considering working in the cloud?
BR: [We are] investigating, piloting and using cloud computing as defined above.
FCB: If you are investigating, piloting or using, which services are part of your efforts: storage; e-mail; other communications, such as instant messaging; office productivity applications; or agency-specific applications?
BR: Storage, e-mail and other productivity applications [are part of our efforts].
FCB: Please describe your service level agreement, for example, what is required in terms of up time, how fast new users are provisioned, security. That is, what are you getting contractually?
BR: I can make the contract available. [I can provide the SLA's if needed.]
FCB: Describe how you pay for cloud services. For example, per user? per hour agency wide? Is there an initial startup fee for the agency? For each user as he or she is added?
BR: We pay based on users and applications being run. Details are available and can be provided if anyone is interested.
FCB: Is your cloud coming from a commercial entity, another agency, or your own agency?
BR: We use both Navy and DISA services. We also have gone commercial through Oracle.
FCB: Were there any unexpected issues that arose when you initialized your cloud arrangement? If so, please describe it/them.
BR: Making arrangements for the NIPR circuit has taken much longer than expected. However once the circuit is in place it will be easier for other folks to piggy-back and take advantage of our efforts.
FCB: Who (by position, not individual) was part of the decision to move to the cloud model?
BR: Basically it was my decision as the CIO. While I briefed it to senior leadership we completed a Business case analysis and we found a savings of $2M an increased security and responsiveness. Decision was really a no-brainer.
I also address this with senior IT leaders in the Navy. All are very interested in the results.
Since ONR charter is to look 20 years into the future exploring technology we adopted this philosophy for our IT environment looking 3 years into the future and testing emerging capabilities. We are also
FCB: Please describe the non-technical issues you had to work through for cloud. For example, agency culture, skepticism from the technology shop or other contractors.
BR: Many folks said we couldn’t do it especially our engineering staff. However, we did a test before we launched and provide that connectivity wasn’t the issue.
I think the real issue is having someone go first and address all the IA and tech issues. None of them are show shoppers but together they can derail the effort.
Cloud computing at the EEOC
The following answers were given to FCB by Kimberly Hancher, Chief Information Officer in the Office of Information Technology (OIT) at the Equal Employment Opportunity Commission (EEOC). We sent the survey to several federal agencies.
Federal Cloud Blog: Does your agency/organization used shared services in IT? If so please describe.
Kimberly Hancher: [The EEOC uses the] Federal Provider of Shared Services – Interior Department’s National Business Center for payroll/personnel system and financial management system; [and] the Office of Personnel Management for USAStaffing.
[The EEOC also uses] commercial service providers [for] Web hosting, application hosting, Web conferencing, training and reservation/payment system.
[We use] cloud computing for piloting Google Apps (about 30 users).
FCB: If you do use shared services, what was your motivation? Have the results been what you expected? What has not gone as well as you’d expected.
KH: [We feel that] shared services from public or private service providers make sense when your agency needs a service outside the core competency of the internal IT organization.
FCB: Now let’s talk about cloud computing. We’ll define it as having a third party host your applications and storage, accessible via the Internet in a business model in which you pay.
KH: [The EEOC is currently] piloting and using cloud computing.
Last year we awarded a contract to host our public facing Web site and our public facing applications. We began using this service this year.
We are also piloting a Google Apps Premier for e-mail, document storage, Web sites, instant messaging, Web conferencing and other collaboration.
FCB: If you are investigating, piloting or using, which services are part of your efforts: storage; e-mail; other communications, such as instant messaging; office productivity applications; or agency-specific applications.
KH: [We are using cloud computing] for agency-specific applications.
FCB: Please describe your service level agreement, for example, what is required in terms of up time, how fast new users are provisioned, security. That is, what are you getting contractually?
KH: We have 99.9 percent availability during core business hours users provisioned within one day SAS70 and C&A process.
FCB: Describe how you pay for cloud services. For example, per user? per hour agencywide? Is there an initial startup fee for the agency? For each user as he or she is added?
KH: [For] federal – start up costs, operations and maintenance recurring fees, and per user fees. [For] Google – no startup, only per user fees. [For] hosting – startup and recurring fixed annual fee.
FCB: Is your cloud coming from a commercial entity, another agency, or your own agency?
KH: The only one of the above that is truly cloud computing is Google (a commercial entity).
FCB: Were there any unexpected issues that arose when you initialized your cloud arrangement? If so, please describe it/them.
KH: No
FCB: Who (by position, not individual) was part of the decision to move to the cloud model?
KH: Our e-mail administrators and CIO.
FCB: Please describe the non-technical issues you had to work through for cloud. For example, agency culture, skepticism from the technology shop or other contractors.
KH: We invited speakers to brief technical staff and managers about cloud computing so they could develop a basic understanding.
What’s available on Apps.gov — and how you can use it at your agency
FCB has gained some insight into what, exactly, is on Apps.gov and how you might be able to use the tools at your agency.
Dave McClure, Associate Administrator for Citizen Services and Administration at the General Services Administration, gave us some tips — and a lot of explanation — about the site.
On why Apps.gov is important
I think Apps.gov represents the beginning of the federal strategy of moving into the cloud computing environment. It is a beginning step. It’s not the complete solution. The idea is to put largely already available cloud software services up in an organized way on a portal that agencies can get quick access to, and cut through a difficult — and, instead, go through an easy — procurement process to bring those kinds of capabilities on board.
So, it’s largely focused right now on simple applications and we do have our terms of service posted for our social media apps that have gone through some vetting with government requirements for social media tools. Those are shown on the Web site, as well. Those are absolutely free products, as long as the agencies have come to a terms of agreement with the provider.
On some of the barriers of cloud computing
Well, it’s a relatively new area for the government. It actually is for everyone — not just government. There’s still, of course, concerns about security and protection of information in a cloud environment. There are, certainly, concerns about reconstitution of data — if I want to pick it up and move it somewhere else. The biggest issues beyond those technical things are cultural. Letting go of control of equipment and resources, and, instead, buying IT capability as a service. That’s a big culture shift for government.
I think a lot of it’s just control revolving around uncertainty of how this actually operates. One of the biggest issues is, honestly, what is cloud computing? It’s almost like getting economists together and asking what’s the state of the economy? You’re going to get different answers because there are different models, there are different ways of approaching cloud just within government, a hybrid between government and private sector, or pure public clouds. So, some of it stems from the confusion of what this really means and what it is. The other is just fear of the unknown. We’ve never been in this environment — what does it really mean to operate data that I’m accountable for and results that I’m being monitored for in an environment that I don’t have day to day control over.
On who’s responsible for security in the cloud
The short answer is, the assurances are still lie with the purchaser — with the agency. They have to make sure that FISMA requirements are being met. That NIST requirements are being met. The same certification processes have been adhered to by their provider. So you’re not letting go of security, you’re turning it into an exercise where you’re sure your provider is providing that level of security that’s necessary for the type of data that you’re processing and disseminating.
So, the onus doesn’t go away for the agency, but what it does mean is — how do I look inside a visualized data center to make sure that it’s being done? Who audits — who controls whether that certification is real? I think that’s some of the issues that we’re dealing with — is making sure that the standards are being met and that there’s concrete evidence that the data’s actually being protected.
On how cloud computing can save money
I think that’s an area of great interest — is the infrastructure space. We know that the greatest percentage of IT money in the government is spent on operations and maintenance of applications, particularly the hardware in the telecom and infrastructure side.
So, if we’re going to save significantly, we’ve got to reduce costs in those areas. That’s an area where cloud computing has already demonstrated that it can make a difference. Here at GSA, for example, USA.gov is being operated in a cloud environment and has been since May of this year. Already, we can point to tremendous cost savings and much more efficiency in terms of updating the site, flexibility if we need more computing capacity from spikes in user demand — a much more simplified setup from an operational perspective.
We still have a role to play.
We do still monitor what happens with the information. We still do have control over the content management systems, per se, in the application space. Not everything’s been completely turned over to a cloud provider, but the fact that we’re not running servers, we’re not actually doing the operations and maintenance on hardware frees up our developer and engineering time for thinking about next generation applications that we need to be doing to make that site cutting edge.
On how Apps.gov works with vendors
Each of the media providers have what they normally would call terms of service agreements. It’s what you’re clicking on when you’re at home on your own computer and you pull up a nice piece of interesting software. You say, hey I’d like to run that! But before you’re allowed access to it, or if it’s being run off of their server, or, alternatively, if you even downloaded it, you notice you always get that agreement that comes up. You’re asked to say, I accept this.
That’s essentially what a term of service agreement is. You’re agreeing to the terms and conditions on the use and placement of that software in your computer. So, what we’ve done with the terms of service agreements with media providers is to say, there’s certain things that we want you to adhere to if these products are used in the government space.
One, we don’t want your site loading up with advertising.
Two, we don’t want you collecting cookies that devolves personal identification information to you so that you can track someone. We want any legal matters — if there’s ever a dispute involving this software — done in a federal court, not a state court or a court that you the provider chooses because this is a federal application.
So that’s what the terms of service have carefully done — is to negotiate with the new media providers and say these are the special conditions that we want the application to abide by if it’s going to be used in a government environment. It’s basically a minimal set of agreements. Now, each agency — we suggest they take that and implement it as is, or to add to that other conditions they want. That’s what’s up on the Web site.
There are approximately 26 social media tools that have gone through that vetting process that we and agencies have vetted that meet the conditions for government use. There’s another 20 or 30 or so in the queue that we’re going through now and doing the same thing.
On what the future holds
Well, hopefully, you will find very fast more applications loading up for the software-as-a-service area in the business apps, productivity apps side, where those icons are. You should see a growing list of social media tools as more of these agreements are negotiated. The more new and exciting thing that you’ll see coming in the future is, we’re moving into the infrastructure-as-a-service space, where servers, hosting services and even hardware — infrastructure for processing — can be bought as a service through the storefront. So, that’s where we’re moving. Into the infrastructure provisioning, and eventually into platform provisioning after that.
To learn more about this interview, click here.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: dramienski@federalnewsradio.com.
In Case You Missed It: Cloud Stories from earlier in September
The Fed Cloud Blog is fairly new; Federal News Radio just launched it a few weeks ago.
But cloud news, as you know, is not new.
We’ve been covering the topic for awhile now.
In a segment called New Ideas for Government, Carolyn Purcell, director in the State and Local Government (SLG) sub-vertical consulting practice within a global Public Sector industry vertical, wrote an interesting post about the various advantages offered by moving into the cloud.
One of the most significant opportunities for the public sector in cloud computing is the ability to share information and technology resource among multiple agencies. While governments have tried hard to create frameworks geared toward shared services, these have not always been very successful. Cloud computing offers an easier and less burdensome route to more efficient and effective public sector information management. This may be especially true for developing countries that do not have the technology, skilled personnel, or resource to create world-class IT infrastructures.
You can read the whole article here.
Also, on the Daily Debrief, Chris Dorobek and Amy Morris spoke with two major players in the federal cloud computing world: Google and SalesForce.
You can read my entire article here.
DoD developing apps store; DISA rolls out RACE
The Federal Cloud Blog just spoke with Henry Sienkiewicz, Technical Program Director for DISA’s Computing Services Directorate, who told us all about how DISA is moving into the cloud with its Rapid Access Computing Environment (RACE) . . . and about the fact that the Defense Department plans to launch an apps store of its own!
Listen to Henry Sienkiewicz talking with FCB
Federal Cloud Blog: This platform that you’re building. So, you’re in DoD and you want to try something. Walk us through the steps [and] how this works.
Henry Sienkiewicz: It’s actually very straightforward. We model the portal as if we were a commercial hosting site. So, under disa.mil, at the very top of the homepage right now, you’ll see the RACE logo. Or you can go through the computing services page on the side of the DISA portal to get to the RACE environment. You just literally log on there. You have to use your CAC card. . . . You log onto the portal and you just sign yourself up. You can pick and choose a variety of options. While we’ve tried to highly standardize the environment, we recognize that some users will need more computing, some will need more storage, so we’ve given them a mix-and-match portfolio to be able to pick a variety of options, although we’ve tried to keep it standardized with a LAMP stack as well as a Windows stack.
FCB: It seems like, in some ways, you may actually be able to improve the security levels of what most servers [have] because this is something you guys focus on all the time.
HS: That’s absolutely correct, although . . . one of the other neat pieces of the portal is that we actually are able to take a NIPR, which is the way we transfer money inside the department, or a government credit card online. We launched that, actually, in October of last year and it was one of those things that took a great deal of time and effort from the rest of the team — to figure out how to do — and our friends at Treasury helped us with the process. But it was a great success story on — how do we actually allow people to have that flexibility to order as they need it [while] making sure the money trail is completely and totally followed properly? We can spin up on virtual operating environments as fast as everyone else. 23 plus of those hours from our test and development environment — I’m able to provison right now in 24 hours — [and] 23 plus of those hours is actually moving the money. So, for us it’s been a great story.
FCB: You’ve been in development and you’ve been testing. What are some of the lessons that you learned from the test platform that actually ended up going into the live platform?
HS: We actually were able to use almost all of the code, all of the process, all of the procedures. When we thought it out at the very beginning, we established a very solid baseline at that point in time. Over the course of the last year, we’ve added additional options. We’ve done incremental releases, so we’re not believers in a big bang release of just one major code release a year.
FCB: And that is something particular with cloud computing. It gives you that ability to do that — and it makes those kind of iterative releases [easier]. It doesn’t become the ordeal that it could be.
HS: By keeping it standardized underneath the covers, we’re able to gradually and gracefully release and bring the customer base along with us, as opposed to forcing them to do massive migrations all at once, we’re able to go there and gradually allow them the ability to keep moving forward.
FCB: Is this something that would be available through the Apps store, even thought [it is] seen as largely commercial products?
HS: We are not going to put it as part of the GSA apps store. We’re going to be working with the DoD CIO as they’re developing an application store, as well. So we’re going to be folding our efforts in there; however, the team that has worked on the GSA apps store and my team have been actively engaged and participating in a lot of the same venues and a lot of the same conferences and we are more than willing to share what we have done with the rest of the federal community. My boss . . . and I are routinely talking, both in public forums, as well as in government forums, on these very topics. Our team is routinely interacting outside the agency and across the department with other people who are trying to establish the exact same thing.
What, exactly, is the cloud? Depends on who you ask
Moving into the cloud is a fairly new concept for many federal agencies and, as always, pitfalls happen.
GSA’s Dave McClure gave FCB insight into why some challenges might occur when it comes to securing information in the cloud. He said it’s not necessarily about the technology itself, but sometimes has to do more with government processes and culture.
It’s a virtual, rather than physical, control with assurances — and, again, I think some of this has to be worked out with the CIO Council, with OMB on what constitutes a quality review process and certification process when you’re moving information around in very different ways than what we’ve traditionally done.
So, what are these processes that need to be followed? Are they any different than what would be in a normal computing arrangement where you actually touch, feel, inspect and can analyze data on machines right in front of you.
FCB took a look at what the private sector is doing, because security struggles are clearly not just a federal government issue.
One of the biggest issues when dealing with security in the cloud, it seems, is defining what, exactly, a secure cloud constitutes.
An article from CIO.com gets perspective from six IT security practitioners, and each has a unique perspective about what it means to secure your cloud.
Some interesting points:
- Matt Schneider, security consultant and senior Web design architect at Ford Motor Company, is quoted as wondering how concerned the average user is about cloud computing, “Look at Facebook and Twitter. There’s a couple of apps that have been hacked, yet that’s all you hear people talking about lately. If they really cared about security, I think they would just stop using those apps.”
- Terry Woloszyn, CEO/CTO at PerspecSys Inc., “{I}n trying to answer the question of what is and isn’t cloud security, you are trying to establish a taxonomy.”
- Michael Versace, partner, principal research contributor at The Wikibon Project, “Some are making cloud security more difficult to understand than it needs to be. Since security is a risk-based discipline, users need to understand the inherent risks in cloud services and implement the best set of organizational/management/business processes and technology controls to manage risks down to a profitable/acceptable level.”
Of course, these IT gurus are not working for our federal government, but their comments are valid and lead FCB to wonder . . . does operating in the cloud put more onus on the user in terms of security?
The Pew Internet & American Life Project released a survey last month that said about 69 percent of Americans who are online use cloud computing in some fashion or another.
51 percent who have done a cloud computing activity said, for the most part, they use cloud computing for its ease and convienence.
At the same time, however, 90 percent said they would be very concerned if the company that stored their data gave it to another company.
Which brings us back to yesterday’s post about Apps.gov. McClure told the FCB about some of the conditions surrounding apps offered on the site — one of them having to do with companies securing data.
The cloud is constantly evolving and, so too must security measures, it seems.
Something for agencies to keep in mind, we imagine.
What’s available on Apps.gov — and how you can use it at your agency
FCB has gained some insight into what, exactly, is on Apps.gov and how you might be able to use the tools at your agency.
Dave McClure, Associate Administrator for Citizen Services and Administration at the General Services Administration, gave us some tips — and a lot of explanation — about the site.
On why Apps.gov is important
I think Apps.gov represents the beginning of the federal strategy of moving into the cloud computing environment. It is a beginning step. It’s not the complete solution. The idea is to put largely already available cloud software services up in an organized way on a portal that agencies can get quick access to, and cut through a difficult — and, instead, go through an easy — procurement process to bring those kinds of capabilities on board.
So, it’s largely focused right now on simple applications and we do have our terms of service posted for our social media apps that have gone through some vetting with government requirements for social media tools. Those are shown on the Web site, as well. Those are absolutely free products, as long as the agencies have come to a terms of agreement with the provider.
On some of the barriers of cloud computing
Well, it’s a relatively new area for the government. It actually is for everyone — not just government. There’s still, of course, concerns about security and protection of information in a cloud environment. There are, certainly, concerns about reconstitution of data — if I want to pick it up and move it somewhere else. The biggest issues beyond those technical things are cultural. Letting go of control of equipment and resources, and, instead, buying IT capability as a service. That’s a big culture shift for government.
I think a lot of it’s just control revolving around uncertainty of how this actually operates. One of the biggest issues is, honestly, what is cloud computing? It’s almost like getting economists together and asking what’s the state of the economy? You’re going to get different answers because there are different models, there are different ways of approaching cloud just within government, a hybrid between government and private sector, or pure public clouds. So, some of it stems from the confusion of what this really means and what it is. The other is just fear of the unknown. We’ve never been in this environment — what does it really mean to operate data that I’m accountable for and results that I’m being monitored for in an environment that I don’t have day to day control over.
On who’s responsible for security in the cloud
The short answer is, the assurances are still lie with the purchaser — with the agency. They have to make sure that FISMA requirements are being met. That NIST requirements are being met. The same certification processes have been adhered to by their provider. So you’re not letting go of security, you’re turning it into an exercise where you’re sure your provider is providing that level of security that’s necessary for the type of data that you’re processing and disseminating.
So, the onus doesn’t go away for the agency, but what it does mean is — how do I look inside a visualized data center to make sure that it’s being done? Who audits — who controls whether that certification is real? I think that’s some of the issues that we’re dealing with — is making sure that the standards are being met and that there’s concrete evidence that the data’s actually being protected.
On how cloud computing can save money
I think that’s an area of great interest — is the infrastructure space. We know that the greatest percentage of IT money in the government is spent on operations and maintenance of applications, particularly the hardware in the telecom and infrastructure side.
So, if we’re going to save significantly, we’ve got to reduce costs in those areas. That’s an area where cloud computing has already demonstrated that it can make a difference. Here at GSA, for example, USA.gov is being operated in a cloud environment and has been since May of this year. Already, we can point to tremendous cost savings and much more efficiency in terms of updating the site, flexibility if we need more computing capacity from spikes in user demand — a much more simplified setup from an operational perspective.
We still have a role to play.
We do still monitor what happens with the information. We still do have control over the content management systems, per se, in the application space. Not everything’s been completely turned over to a cloud provider, but the fact that we’re not running servers, we’re not actually doing the operations and maintenance on hardware frees up our developer and engineering time for thinking about next generation applications that we need to be doing to make that site cutting edge.
On how Apps.gov works with vendors
Each of the media providers have what they normally would call terms of service agreements. It’s what you’re clicking on when you’re at home on your own computer and you pull up a nice piece of interesting software. You say, hey I’d like to run that! But before you’re allowed access to it, or if it’s being run off of their server, or, alternatively, if you even downloaded it, you notice you always get that agreement that comes up. You’re asked to say, I accept this.
That’s essentially what a term of service agreement is. You’re agreeing to the terms and conditions on the use and placement of that software in your computer. So, what we’ve done with the terms of service agreements with media providers is to say, there’s certain things that we want you to adhere to if these products are used in the government space.
One, we don’t want your site loading up with advertising.
Two, we don’t want you collecting cookies that devolves personal identification information to you so that you can track someone. We want any legal matters — if there’s ever a dispute involving this software — done in a federal court, not a state court or a court that you the provider chooses because this is a federal application.
So that’s what the terms of service have carefully done — is to negotiate with the new media providers and say these are the special conditions that we want the application to abide by if it’s going to be used in a government environment. It’s basically a minimal set of agreements. Now, each agency — we suggest they take that and implement it as is, or to add to that other conditions they want. That’s what’s up on the Web site.
There are approximately 26 social media tools that have gone through that vetting process that we and agencies have vetted that meet the conditions for government use. There’s another 20 or 30 or so in the queue that we’re going through now and doing the same thing.
On what the future holds
Well, hopefully, you will find very fast more applications loading up for the software-as-a-service area in the business apps, productivity apps side, where those icons are. You should see a growing list of social media tools as more of these agreements are negotiated. The more new and exciting thing that you’ll see coming in the future is, we’re moving into the infrastructure-as-a-service space, where servers, hosting services and even hardware — infrastructure for processing — can be bought as a service through the storefront. So, that’s where we’re moving. Into the infrastructure provisioning, and eventually into platform provisioning after that.
To learn more about this interview, click here.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: dramienski@federalnewsradio.com.
Cloud Conversations on ‘GITSS’
We call it ‘GITSS’, but the real name of the show is Government IT Solutions Spotlight.
Federal News Radio’s own Chris Dorobek is joined by WTOP’s Adam Tuss to talk about all sorts of issues surrounding IT every Tuesday at 10 a.m.
Which, of course, inevitably brings us to the cloud.
This week, Chris and Adam talk about Nebula with Chris Kemp, CIO at NASA’s Ames Research Center in Silicon Valley.
If you don’t know anything about Nebula — NASA’s cloud platform — I urge you to listen. This is a fascinating interview about how a federal agency is using open source to work in a 2.0 world.
Also, I wanted to highlight a story published on our site last week by Internet Editor Emily Jarvis.
The Daily Debrief talked a lot about the cloud last week, and Emily took two excellent interviews — one with GSA’s Casey Coleman and Dave McClure; and one with Alan Murphy of F5 Networks — to discuss the new site apps.gov, among other things.
To fully understand the changes that Apps.gov brings to cloud computing, it is first important to have the most up to date version of what the cloud is and what it is supposed to do.
NIST defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
Apps.gov is just the most recent development to the cloud. The website is the federal government’s cloud computing storefront.
I urge you to read more here.
DoD’s Chief Information Officer Discusses the Cloud
FCB recently sent out a questionnaire about cloud computing. The following are answers, provided via email, from John J. Shea, (SES) Assistant Secretary of Defense (Networks & Information Integration) DoD Chief Information Officer.
Federal Cloud Blog: Does your agency/organization used shared services in IT? If so please describe.
John Shea: With regards to Services defined by a Service Oriented Architecture – Enterprise (SOA – SOE), the department has most definitely been sharing Services as demonstrated by DISA’s Net-Centric Enterprise Services (NCES) program. One example is their highly successful GIG Content Delivery Service (GCDS) which uses Akamai technology, to provide intelligent routing and forward deployed caching of web-based content. This Service achieves up to 30 times better user performance while offloading up to 90% of the “reach-back” hits to DISA data center infrastructure.
FCB: If you do use shared services, what was your motivation? Have the results been what you expected? What has not gone as well as you’d expected.
JS: In terms of motivation, that’s a simple question to answer. Industry has proven the Services construct to be superior method of delivering capability (in the form of an information advantage). Reuse, shared, scalable, extensible are applicable attributes when describing the Service construct.
The results within the DoD framework have been somewhat slower to realize due in part to the complexity of our applications, the interdependency of the applications and the criticality of associated command and control requirements. However, the maturity of NCES is helping to overcome these issues.
FCB: Now let’s talk about cloud computing. We’ll define it as having a third party host your applications and storage, accessible via the internet in a business model in which you pay. Are you investigating, piloting, using or not considering moving to the cloud? Are you currently doing more than one of these things.
JS: We are investigating and piloting.
When it comes to Cloud Computing, it’s important to understand that it is a “disruptive technology” that requires a new foundation of knowledge to understand. With that said, we are just now beginning to understand this next-generation phenomena.
Additionally, Cloud Computing is still in the “hyper-buzz” phase and still requires several years of maturity before we can adopt in earnest. This doesn’t mean that we should keep our heads in the sand…. just the contrary. When Amazon rolled out their highly successful Amazon Web Services (AWS) it was only done after a five-year planning process.
In terms of investigation, we are actively participating on the Federal Cloud Computing Working Group for early adoption guidance (policy and standards). The work by this WG (directed by Mr. Vivek Kundra and led by the Federal CIO Council) is ground breaking and will set the course for the entire federal government.
Right now, we are not looking at a 3rd party hosting model for the department, but rather planning to utilize DISA’s Rapid Access Computing Environment (RACE) as our primary provider of Cloud Computing Services (Infrastructure, Software and Platform as a Services).
RACE will be coming online early in 2010.
FCB: If you are investigating, piloting or using, which services are part of your efforts: storage, e-mail, other communications (such as instant messaging), office productivity applications, agency-specific applications?
JS: All the above.
RACE Infrastructure as a Service (IaaS) will deliver an “elastic” provisioning of virtualized Certified and Accredited IT hardware components (storage, processing stacks, etc).
Enterprise applications (like E-Mail) and mission specific applications will operate in a multi-tenant environment.
RACE will be coming online early in 2010.
FCB: Please describe your service level agreement, for example, what is required in terms of up time, how fast new users are provisioned, security. That is, what are you getting contractually?
JS: We are just now starting to look at Cloud Computing SLA’s.
FCB: Describe how you pay for cloud services. For example, per user? Per hour agency wide? Is there an initial startup fee for the agency? For each user as he or she is added?
JS: There are a couple of pay-for-service models we are looking at. RACE is looking at offering a “pay only for what you need, month-to-month with no annual maintenance fee” model.
Others will be considered as we complete further investigation and learn as we grow.
FCB: Is your cloud coming from a commercial entity, another agency, or your own agency?
JS: Right now, DISA is our primary Cloud Computing provider.
FCB: Were there any unexpected issues that arose when you initialized your cloud arrangement? If so, please describe it/them.
JS: We are just now in the planning phase for our Cloud Computing Pilots.
FCB: Who (by position, not individual) was part of the decision to move to the cloud model?
JS: Within the Department, the decision to move to a “cloud model” has been an evolutionary process directed by the ASD NII/DoD-CIO.
FCB: Please describe the non-technical issues you had to work through for cloud. For example, agency culture, skepticism from the technology shop or other contractors.
JS: It’s too early to say; however, we feel the biggest barrier will be culture and not technology.
Our DoD Acquisition process for IT could — and I emphasize could — also be a factor.
In the Cloud on the Daily Debrief
This afternoon on the Daily Debrief, hosts Chris Dorobek and Amy Morris talked a lot about the cloud.
In the 3 p.m. hour, they talked with Teresa Carlson of Microsoft Federal.
In the 5 p.m. hour GSA’s Dave McClure and Casey Coleman joined the Daily Debrief in studio!
You can read all about both interviews by going to the Daily Debrief blog page.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: dramienski@federalnewsradio.com.
GSA's Casey Coleman at the Gov 2.0 Summit
Today on the Federal Cloud Blog, we learn more about what the General Services Administration is doing when it comes to moving to the cloud.
Casey Coleman is the agency’s chief information officer.
She recently sat down with Federal News Radio’s Jason Miller during the Gov 2.0 Summit to talk more about how she’s transforming operations at her agency.
Jason Miller: You’re here at the Gov 2.0 Summit to talk a little bit about cloud and how the vision is going to happen. What kind of message do you hope to get across to the audience?
Casey Coleman: We’re in the early stages of adopting cloud computing and realizing the promise, but this administration really wants to change the way government leverages technology — and cloud computing plays a big role in that — with the promise, or the potential, of making government operations lower cost, faster, more agile and greener — most sustainable. So, the promise is huge and we have to get past the issues of security, of privacy and, potentially, a culture that is averse in some cases to embracing new technologies in rapid order.
JM: GSA has been out in front of the cloud initiative. You, specifically, as leader of the working group from the CIO Council — what are you finding as some of the biggest challenges? Is it an education issue? Is it security and privacy concerns from the IA community? What are you seeing as some challenges during these initial first few steps?
CC: Obviously security is the big challenge. We realize that. Some of the promise of cloud computing is the potential for actually improving security in the sense that, operating in a shared environment with the best possible security can bring up everyone’s standard of security and privacy considerations. On the other hand, when you are in a cloud environment of any sort, you are, by definition, sharing. You’re sharing resources and so that blending of organizational roles and responsibilities and the blurring of traditional system boundaries creates new challenges for how we approach security and calls for us to think about it in a different way. That’s really one of the paramount considerations that we’re dealing with.
JM: I know [a] CIO Council working group is working on security guidance [and] privacy guidance around Web 2.0. Can you give us any kind of update of where we’re at with that — and maybe even an idea of what’s going to be in it?
CC: We’re working closely with them. They have put out a Web 2.0 policy document that is, I think, in review right now. We will be taking that and using it as guidance and as input to put to cloud computing because they’re obviously very closely related. That’s a group of folks who’ve been thinking about this issue for quite some time, so we want to make sure we learn from their analysis.
JM: The other issue that we’ve seen around is the RFP’s — the RFI’s — a lot of activity. I think you have vendors both excited and a little nervous about what’s happening. I spoke to one vendor [who] said, “Listen, we’ve got to play in this. If we don’t, we’re going to get shut out,” and I think it’s almost like another GWAC, which I know you’re not hoping to make it that way, but what kind of feedback are you getting from industry around the cloud initiative in general?
CC: I believe that there is a lot of excitement — a lot of interest from industry. It is important to be engaged in this conversation at this point. On the other hand, this is a long term initiative. This is not something we’re going to flip a switch and turn on over night. So, the conversation will evolve and opportunities will emerge that we don’t know about right now. I would say this is a marathon, not a sprint.
JM: Any status update you can give us? I know maybe things are still in the process around the infrastructure-as-a-service RFQ that came out — or even the software-as-a-service RFI that was reissued? Any update around those?
CC: Just to say there’s been a lot of interest and we’re hoping for robust competition on the RFQ for infrastructure-as-a-service. That is underway right now and we’re anticipating a really good outcome.
JM: As far as the RFI, there’s no timetable as to when you would hope to get another RFQ or RFP out?
CC: Not at this point because we want to build awareness among the vendor community and start to get those firms already on Schedule 70 who are software-as-a-service providers to self-identify and start to categorize themselves so that we can know that they are part of this community.
JM: Let’s move away from your role in the CIO Council and back to your other hat that you wear — GSA CIO. Obviously the office of citizen services {is in the cloud}. Is GSA using it in other ways, as well?
CC: Not at this time. We are looking at other ways in which cloud computing could provide value to GSA. One thing that is something we’re doing some market research on is email and collaboration capabilities in a cloud-based solution.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: dramienski@federalnewsradio.com.
Transitioning to the Cloud — a Round Up
Federal News Radio has been telling you all about Apps.gov — the new Web site dedicated to getting the federal government into the cloud.
We told you here yesterday about Jason Miller’s story regarding the Web site reveal:
The Office of Management and Budget’s vision for federal information technology [began] with the launch of Apps.gov.
The cloud computing storefront is part of a decade long plan to reduce costs, lower the environmental impact and improve how Americans receive government services.
Read the whole story here.
And here’s video of federal CIO Vivek Kundra making the Apps.gov announcement, which aired on today’s In Depth with Francis Rose.
On today’s Daily Debrief, Chris Dorobek and Amy Morris talked with two of the biggest players on Apps.gov — Google and SalesForce.com.
Matt Glotzbach is Google’s Product Management Director — and Dan Burton is Senior Vice President for Global Public Policy at SalesForce.com.
They talked about helping the federal government move to the cloud — and you can read the full story here.
Is your agency working in the cloud? Or are you still waiting to make the move? Either way, the Federal Cloud Blog wants to hear from you!
Email Dorothy Ramienski: dramienski@federalnewsradio.com.
Talking Cloud with Peter Mell of NIST
One of the folks who knows more about developing the use of the cloud for the government’s purposes is Peter Mell. He’s a Senior Computer Scientist and cloud computing project lead at the National Institute of Standards and Technology and the co-author of NIST’s draft working definition of cloud computing which was just revised on August 19th.
Mell is pretty methodical about how he explains cloud computing. He wants everyone to fully understand the great capabilities it promises but also the specific challenges to government it poses. WFED spoke with Mell about what makes cloud computing what it is and how it can be useful to federal agencies.
WFED: Let’s start out with the basic question. What exactly is cloud computing?
PM: First we have to explain why we’re defining it. A lot of people say it can’t be defined or it doesn’t matter if you define it. Let’s just use it, let’s just talk about it. [NIST] feels it’s really important because without defining it you can’t get the benefits from it that you want. And so we tried to put our whole hands around the industry and say “what is truly cloud” in the industry today? Because you know that every vendor out there wants to be on the latest bandwagon and everyone is saying they are doing cloud. As a government, how can we truly understand what it is? And to do that we had to look at a lot of the benefits that you want to get. So we want significant economic benefits. We want to decrease the use of power. We want to reduce our carbon foot print. What is just as important is we want to be able to Agilely deploy our enterprise operations; to quickly provision and get those applications out there.
WFED: Seems so simple. Why hasn’t this been invented before?
PM: Cloud computing in a way isn’t anything new. It’s the convergence of many different technologies and initiatives that have been maturing over the years and they tried to converge together several times in the last decade but the timing just wasn’t quite right. And I think that we we’ve entered a maturation among enough of these technologies that they truly can converge together now and their convergence can revolutionize our usage of information technology – which gets me back to the definition. What is cloud computing? Computation capabilities provided as services and that’s correct but in the heart of it, where we’re really trying to get the benefit is we’re trying to optimally access and use our data centers. So cloud computing is fundamentally about data center technology.
WFED: NIST has put together 5 of the characteristics of cloud computing to help define it.
PM: Cloud computing is a model for enabling available convenient on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. That hopefully gives you a glimpse of it. [This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.]
To understand, it you have to get into the five characteristics. The first one is On-Demand Self-Service. This is all about the business user, not the CIO shop but the business user being able to decide “I want this” and got get it themselves unilaterally grabs it an the CIO shop maybe managing it or overseeing it to ensure security and compliance and so forth. But it enables the business user to get access to technology.
The second one is Ubiquitous Network Access. So that you can get it over the network through standard mechanisms, through heterogeneou thin, thick clients. It’s very available to you.
The third one is Location Independent Resource Pooling. This is the most technical characteristic. You may not immediately understand why [the government] cares, but it’s critical. The idea is that all of your hardware resources are pooled together in a collective. And as a collective, they are offering computational power to all the customers at the same time. And the software is actually abstracted away from the hard ware so that you don’t know or don’t care even exactly where your processes are running and where your data is stored within that data center.
The fourth is Rapid Elasticity. The ability to quickly expand your use and to decrease your use of the computational capability that’s being provided. So it’s not just scalability. Scalability is your ability to increase the architecture to allow for more demand. But the idea [with Rapid Elasticity] is maybe you have a lot of demand today. Maybe you need to go from ten servers to ten thousand servers today. You can do that within minutes and then once your demand is gone, you can scale back down to one hundred servers.
The fifth has been revised from Pay Per Use to Measured Service. That clouds enable a metering of services being used to automatically control and optimize the resource use. And typically that is often done through Pay Per Use where you have to pay for server time so you’re not going to hog all the servers in the system. I know that one agency built essentially a private internal cloud and they wanted to do the Holy Grail of cloud computing: to increase server utilization from ten percent to eighty percent. What this agency found is that since there was no measuring of the service or optimizing usage by the business users, [the agency] was just using everything that was available. So their server utilization went up to eighty percent but they didn’t actually free up any resources.
WFED: You mentioned security being a big concern for the government. What is NIST doing to make sure vendors understand the needs?
PM: NIST is publishing a series of documents on cloud computing that will discuss security; advantages as well as challenges because we do see those. At the same time the vendor community for the most part understands that for [the government] to use cloud computing we need it to be secure and so they are ramping up their security architectures to provide as robust solutions as possible.
Related Documents:
Effectively and Securely Using the Cloud Computing Paradigm
Home | About Us | Privacy Statement | Terms of Use | Copyright Infringement | EEO Public File Report | Bonneville International
AP material Copyright 2009 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.