How Does DoD View the Cloud National Defense Industrial Association 12 October 2011 Mr. Robert J Carey Deputy Chief Information Officer Department of Defense


How Does DoD View the Cloud

National Defense Industrial Association

12 October 2011

Mr. Robert J Carey

Deputy Chief Information Officer

Department of Defense


The Warfighter & DoD Workforce Expects, Deserves & Requires

…Access to information…

Anytime and Anywhere…

Risk Management vs. Risk Avoidance approach

From fixed bases to the tactical edge…


…and this is where we do our work


VIEWS OF THE ENTERPRISE


OUR ENTERPRISE IS NETWORKED PEOPLE, ORGANIZATIONS & TECHNOLOGY THAT ENABLE AN INTEGRATED, HIGHLY CAPABLE WARFIGHTING TEAM.


DoD Information Enterprise - Working Toward Cloud Computing

Total IT Budget

• >$38 Billion in FY12

• >$16 Billion in IT Infrastructure

• >$3 Billion for Cyber Security

DoD IT User Base

• 1.4 million active duty personnel

• 750,000 civilian personnel

• 1.1 million National Guard and Reserve personnel

• 5.5+ million family members and military retirees

• 146+ countries

• 6,000+ locations

• 600,000+ buildings and structures

IT Systems

• >10,000 Operational systems (20% mission critical)

• ~750 Data Centers

• ~67,000 Servers

• ~7+ million computers and IT devices

• Thousands of networks

• Thousands of email servers, firewalls, proxy servers, etc.

Enormous Size, Scope, Diversity and Complexity


DoD’s Strategy for Operating in Cyberspace (DSOC)

5 Pillars

• Cyberspace as a domain

• New defense operating concepts

• Extending cyber defenses

• International partners

• Technology and innovation

Keep Pace With Technology - Get In Front of the Threat


DoD’s Strategy for Operating in Cyberspace (DSOC)

5 Pillars

• Cyberspace as a domain

• New defense operating concepts

• Extending cyber defenses

• International partners

• Technology and innovation

Cloud Computing supporting DoD’s Cyber Strategy


DoD IT Enterprise Strategy and Roadmap

CyberSecurity: Improve the security of DoD networks and information from all threats

Efficiency: Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department

Effectiveness: Improve mission effectiveness and combat power throughout the Department

Consolidate Infrastructure to Better Operate and Defend


IT Enterprise Strategy and Roadmap – Initial Actions

1. Data Center & Server Consolidation

2. Consolidate Security Architecture

3. Implement Cross Domain Solution

4. Network Standardization / Optimization

5. Implement Enterprise Identity Management

6. Enterprise Messaging & Collaboration

7. Enterprise Hardware/Software Procurement


The Vision

All data reachable through the “Enterprise Information Environment”

Users/systems accessed using Identity and Access Management

Web Enabled Applications available to manipulate data in the “Environment”

Access with Thick Client/Thin Client/PDA/any waveform/the Internet from Anywhere

Easily accessible, reliable and survivable computing platforms

Supported by a flexible, robust and protected mesh of communications media

[Diagram labels: Thin Client; Mobile Device; Thick Client; “Enterprise Information Environment”; Identity and Access Management; Personal Storage; Data Sources; Web Enabled Applications]


Data Center Optimization

Core Computing Infrastructure for DoD’s Cloud

Global Footprint

“Franchise” data centers


Enterprise Data Center Evolution

[Chart: Percentage Change (-200% to 1800%) by year, 2002 to 2011]

Mainframe Processing

IBM & UNISYS platforms

Centralized database processing

Full data replication (since FY00)

Silos Virtual Tape Systems

Distributed Processing

Client-Server solutions

Internal storage Storage Area Networks (SAN)

Enterprise Resource Planning (ERP) implementations

Cloud Computing

Server Virtualization

Services-based acquisitions

Dynamic provisioning

Utility pricing

[Chart legend: Storage Workload, Server Workload, Cost. Timeline labels: 1994-2002, 2002-2008, 2008]

Continuous DECC consolidations and transformations have yielded significant reductions in unit cost


Enabling Data Center Consolidation through Virtualization

Leveraging excess capacity created by the rapid growth in the speed and capacity of processors, memory, network and storage

Current virtual environments:

• 1012 VOEs

• 147 Hosts

• 4 Racks

• 253 Windows Licenses

• 160 Network Cables

• 20 SAN Cables

If these weren’t virtualized:

• 1012 Blade/Servers

• 22 Racks

• 1012 Windows Licenses

• 1024 Network Cables

• 128 SAN Cables

Driving additional consolidation: Current CPU utilization often <20%


Delivering the DoD Cloud from the Core Data Centers

[Diagram: Facility, Physical Infrastructure and Virtual Infrastructure layers, shown four times]

Orchestration and Monitoring

Automated Provisioning & Deployment

Self-Service Portal & App Store

Core Data Centers

Secure, turnkey cloud for DoD application developers and enterprise service providers

Automated Security, Performance & Functionality Testing/Reporting

Hybrid Cloud


Hosted within globally accessible core data centers that are secure, reliable and robustly interconnected

Common Enterprise Services Delivered from the Cloud

Computing Infrastructure Services: On demand, self-service; Broad network access; Rapid elasticity; Measured service

Platform Services: Identity Management; Authentication/Authorization; Application Platforms; Messaging; Content Delivery

Enterprise Software as a Service (SaaS): e-Mail; Office Productivity; Collaboration; Content Mgmt; Customer Relationship Mgmt


Agile Development & Continuous Delivery across the DoD Cloud

DoD Enterprise Cloud Environment

Agile development

Rapid IA C&A

Cloud IaaS

Initial Enterprise Capabilities


Cloud Computing: Enabling a new application delivery approach

8/23/2011 Unclassified

Large, expensive, static systems

Yesterday’s system development process

Continuous delivery enabled by the cloud

• Automated testing

• Enterprise services

• Compliant platforms

• On-demand infrastructure

Emerging needs

Continuous delivery

Program managers, Developers, Testers, Decision authorities

Unclassified

Using cloud computing to achieve our cyber security goals

9/7/2011

Core Computing Infrastructure

Strong perimeter protections with a vigorous internal sensor grid to detect attack, malicious code, staged exfiltration

Cloud Infrastructure Services

Highly resilient infrastructure supporting dynamic scalability, failover, backup/recovery, and continuous monitoring/alerting

Cloud Platform Services

Application Services

Standardized, STIG’d Platforms with automated patch and configuration management

Identity management and access control services

Mission Apps

Applications inherit the security controls from the lower layers, enabling accelerated delivery and improved security


Using Commercial Provided Cloud Services: Significant IA Challenges

• Issue 1: Cyber Protection: Commercial clouds move computing & storage outside of DoD’s layered cyber defenses and cyber attack detection, diagnosis, and reaction infrastructure.

• Issue 2: Cyber C2: There is no mechanism to effectuate Cyber command and control needed to identify and respond to emerging cyber threats

• Issue 3: IdAM: Maintaining the DoD’s cyber identity credential, direct authentication, and access control models and services when using the cloud is a major concern

• Issue 4: Multi-tenancy: The commercial cloud is shared with non-DoD customers, and the provider must ensure DoD processing and data stay separate, and that other customers’ problems or malicious behavior do not spill over to DoD in a way that causes risk to DoD missions

• Issue 5: Data/Application Visibility: need to ensure that both data and applications are monitored in real or near real time.

• Issue 6: Data Rights: need to understand who has them over the long term.


Commercially Provided Cloud Services: Mitigating the Risks

• DoD extension of Federal Risk and Authorization Management Program (FedRAMP)

– Provides a standard approach to assessing cloud computing services and products for the Federal Government

– Certification driven by NIST Special Pub 800-53 IA Controls

– Emerging requirements for audit and monitoring

– Joint Approval Board chaired by DoD(CIO), DHS, and GSA

– DoD will establish a similar process internally.

• Using cloud pilots to identify additional mitigations

– Boundary defenses between sensitive DoD information and non-DoD information

– Information encryption in transit and at rest

– Use of DoD Internet Access Points (IAP) and Internet Firewalls

– Use of certified Computer Network Defense Service Providers (CNDSPs) that monitor the firewall and IDS and respond to USCYBERCOM tasking


Challenge: Delivery to the tactical edge

Unclassified

Cloud

Optimized information delivery, interoperability, synchronization, failover, continuity


Way Ahead

• Consolidating DoD infrastructure (networks, applications, servers and data centers)

• Adapting cloud technologies and approaches to enhance our enterprise service efforts

– Increasing IT complexity and shrinking budgets are driving the switch from asset ownership to consuming services from others

– Initial focus on DoD offered services while defining requirements and methods to securely leverage commercially provided services

• Publishing DoD Cloud Computing Strategy and developing guidance on the use of commercially provided cloud services

– Fall 2011

• Collaborating with the DoD Components, Intelligence Community, other Federal Agencies, and industry partners

Thank You


NS1 - Consolidate Security Infrastructure

NS2 - Consolidate NetOps Centers

NS3 - Implement Cross Domain Solution as an Enterprise Service

NS4 - Implement Standard Certification & Accreditation Process

NS5 - Extend Joint Networks Over SATCOM

NS6 - Implement Video over IP as an Enterprise Service

NS7 - Implement Voice over IP as an Enterprise Service

NS8 - Joint Enterprise Network (JEN)

NS9 - Enterprise Network Infrastructure Reliability

NS10 – Defense Red Switch Network (DRSN) Rationalization

CS1 - Data Center & Server Consolidation

CS2 - Computing Infrastructure & Services Optimization

CS3 - Cloud Computing

CS4 - Service Desk Consolidation & Optimization

ADS1 - Enterprise Messaging & Collaboration Services (including Email)

ADS2 - Identity & Access Management Services

ASD3 - Enterprise Services

ASD4 - Records Management

EUS1 - Next Generation End-User Devices

EUS2 - Multi-Level Security Domain Thin-Client Solutions

EUS3 - Interoperability Within DoD & Between Mission Partners

BP1 - Consolidate Software Purchasing

BP2 - Consolidate Hardware Purchasing

BP3 - Optimize IT Services Purchasing

BP4 - Common Business Process Foundation

BP5 - Promote & Adopt “Green IT”

Candidate Efforts

Efficiency, Effectiveness & Cyber Security

Initiative Near Term Use Case


Challenge: Delivery to the tactical edge

Optimized information delivery, Interoperability, synchronization, failover, continuity

[Diagram labels: Enterprise Core Data Centers; Regional Data Centers; Deployable Nodes; Edge/Tactical Nodes; 3G; DISN Core Network; Edge Network; Edge RF Network]


IaaS: Accelerated Delivery of New Capabilities

UNCLASSIFIED

[Diagram: Current Development Process (Dev, Provision, Build, QA, Provision, QA + IA, Deploy) compared with Continuous Delivery (DEV, QA + IA), from Start to Finish]

Self-service provisioning: Consume portfolios of standardized, policy compliant services, platforms and applications

Build Automation: Eliminate manual build environment config/setup. Automate testing during off-hours

Environment Promotion: Seamlessly migrate and promote environments from Dev through delivery to desired environments. Accelerate delivery to cloud or bare metal