A packed room of more than 500 vendors, industry associations and civilian and military stakeholders likely left with more questions than answers when it comes to the Defense Department’s new cloud initiative.
DoD held an industry day to roll out its initial thinking about its Joint Enterprise Defense Infrastructure (JEDI) Cloud program, and instead of putting to rest rumors and perceptions, officials opened the door to more confusion and uncertainty.
Brig. Gen. David Krumm repeatedly emphasized JEDI is not an IT system or an IT contract.
“This is effort by all of DoD,” Krumm said yesterday in Arlington, Virginia. “The Joints Requirements Oversight Council…has defined the requirements for this project. Let there be no doubt these requirements are demanding. They are tough and they are what we need to kick start DoD into using the cloud. We need you to look at this from the warfighters’ lens, which is what I want you to take out of today, this is not an IT project. We need availability, with no single points of failure across a diverse geographic landscape, which means across an austere or connectivity challenged areas across the globe.”
Understand progress being made in the evolving cyber scorecard. Download our free Expert Edition: Cyber Exposure in DoD.
Chris Lynch, the director of the Defense Digital Service, said JEDI is foundational for DoD to build better capabilities and meet the warfighters’ needs.
“We have three goals for JEDI. We want to bend DoD around the commercial cloud not the other way around. We want it here and out in austere environments. We will bring capabilities to the warfighter. We have failed if we do not do that,” he said. “We must offer foundational blocks. Those that give us the ability to experiment with new things we have yet to anticipate. We need compute, network, storage and security that gives us the ability to play.”
The third goal is for JEDI to be more than a data center, but provide better monitoring, failovers, scalability and access to new and emerging technology such as artificial intelligence.
Krumm and Lynch’s aspirational goals soon floated back to reality when the JEDI Cloud program manager Lt. Col. Kaight Meyers, Capt. Dave McAllister, of DoD’s Strategic Capabilities Office, and Chanda Brooks, the JEDI contracting officer, all reverted back to the old style of DoD thinking that is perspective and requirements based.
Brooks said JEDI is infrastructure- and platform-as-a-service, but not software-as-a-service. Some vendors took that to mean DoD’s is limiting innovation right off the bat because it’s stipulating the field industry can play on. And to add to the confusion, the draft solicitation calls on vendors to provide SaaS offerings, including virtual machine apps, enterprise tools such as office productivity suites, enterprise resource planning and customer relationship management tools.
“The day started off unexpectedly refreshing with discussions about mission and values,” said one industry executive, who attended the briefing and asked for anonymity. “But as the different speakers went, it became clear this was more and more of an IT system. They are acquiring infrastructure. It has to be commercial cloud.”
Another industry source added DoD is putting itself in a box by calling out only commercial cloud instead of asking for capabilities or outcomes and letting industry figure out how to deliver them.
“DoD didn’t talk about additional capabilities to advance data so is that not part of the evaluation?” the first source said. “The value of commercial providers is they understand the customer, they understand the technology and can tailor the capabilities to the customers’ needs.”
The source said DoD could buy IaaS or PaaS from the General Services Administration’s schedules program or any number of existing multiple award contracts so JEDI should be about getting innovation to the warfighter.
Probably the biggest unanswered question is what does DoD mean by a single award for the 10-year multi-billion dollar contract, and whether it wants a single cloud or not?
Some vendors said it sounds like DoD wants a cloud broker who can give them access to multiple cloud providers.
Others say DoD continues to follow the same path as the CIA with its classified cloud initiative where the spy agency hired Amazon to be its single provider.
“I think they know what they want and set the criteria that allows them to shrink the bids and get there,” said the first industry source. “That is why they want to limit to IaaS or PaaS.”
Sam Gordy, general manager of IBM Federal echoed similar concerns if DoD decides to go with a single cloud provider.
He said in an email statement, “The Pentagon would never limit the Air Force to flying only cargo planes for every mission. Locking the entire U.S. military into a single, restrictive cloud environment would be equally flawed.”
The real signal of where DoD wants to go is the draft request for proposals it released yesterday.
Brooks, the contracting officer, said while the Pentagon feels good about the draft, industry feedback will be essential to finalize the solicitation.
Brooks said vendors should closely read and provide feedback on the two-step evaluation criteria. The first step is a self-assessment called the gate criteria. The second step is the technical evaluation criteria.
DoD expects to receive feedback from vendors by March 21 and release the final RFP in May.
Brooks said DoD intends to make the JEDI Cloud award in September, and then begin a series of pilots using the commercial capabilities.
DoD officials strongly encouraged vendors to read through the draft RFP to answer many of their questions.
In repeated questions trying to answer many of the same concerns from industry during a press call later in the day on Tuesday, DoD official referred back to gate criteria.
“The department is not dictating how teams formulate but ultimately it will be a contract going to one particular proposal,” said Sharon Woods, the Defense Digital Service’s general counsel. “Those gate criteria really broadcast what the department is looking for and they are on a pass fail basis. I think industry, in particular will really understand what those criteria mean and understand how to position themselves to be competitive in this environment.”
Officials also struggled to explain why a single cloud vendor would make sense for DoD given the potential risks.
Tim Van Name, the deputy director of the Defense Digital Service, said the solicitation meets the department’s requirements.
“The lack of standardization and interoperability today create pretty significant barriers to accessing our data where and when it’s needed, especially on tactical edge on the battlefield. The decentralized management and our inability to automate provisioning and configuration overburdens our team,” Van Name said. “We believe that a multiple award cloud would exponentially increase the overall complexity. Systems in different clouds even when designed to work together would require complex integration, which raises the bar for the development, testing and ongoing maintenance. The department would have to manage the seams between the various cloud hosted applications and deal with the challenges associated with accessing data in multiple cloud environments. We are confident that this single award is the best approach for the department. But I want to reiterate very specifically this is a full and open competition and it’s about the best proposal.”
Essye Miller, DoD’s acting CIO, said part of what JEDI will do it hardened and standardize the more than 500 cloud projects currently underway across the military.
DoD created the Cloud Executive Steering Group in September and reconfigured it January, charging it with developing a way forward to get DoD to adopt commercial cloud more quickly.
Contractors have been closely watching the CESG, looking for more details and DoD’s acquisition strategy.
This is why the industry day was so important to finally answer questions.
Instead, DoD didn’t do enough to explain or alleviate industry concerns about its strategy or the future of JEDI and potentially created even more confusion.