NOAA Federal Data Center Consolidation Initiative … Toolkits/The Cloud... · NOAA Federal Data Center Consolidation Initiative (FDCCI) FY2013 Project Overview A briefing to the

NOAA Federal Data Center Consolidation Initiative (FDCCI) FY2013 Project Overview A briefing to the NOAALink Partners April 2, 2013

Tim Howard, NOAA FDCCI Project Lead [email protected]

Ajith Abraham; Ashfaq Dawood; Bill Stearn; Catherine Ossi; Cindy Diehl; Curtis Roberts; Darren Smith; Harry Tabak; John Unekis; Joseph Volsch; Ken Farber; Matthew J. Smith; Olga Brown-Leigh; Parmesh Dwivedi; Peter Couture; Randy Chambers; Rich Beeler; Scott Nahman; Simmons Lough; Vincent Garcia;

2

NOAA Outcomes: Teamwork Honors Those Who Served

NOAA FDCCI NOAALink 4/2/2013 2

The remains of two unknown USS Monitor sailors, recovered by NOAA and the U.S. Navy in 2002 from the ship’s gun turret, were buried on March 8, 2013, with full military honors, at Arlington National Cemetery. USS Monitor sank in a New Year’s Eve storm just over 150 years ago, carrying 16 crew to their deaths.

Summary Slide

• We need to save money delivering IT services to our Line Office mission customers. – OMB objective is to consolidate 40% (NOAA ~65) of non-Core data centers to reduce IT costs; Cloud

Computing/Virtualization is part of the implementation strategy. – NOAA’s approach: Virtual Data Center that provisions compute and storage capabilities using NOAA

Private and Public Cloud resources centrally managed by NOAA OCIO Services Delivery Division. • To meet the above objectives, we plan to issue two awards for Cloud Computing Services

– FY2013: NOAALink Public Cloud: provide cloud services landing pad(s) for existing NOAA users and services, focused on FISMA Low and some Moderate systems, to support data center consolidation efforts.

• Four initial customer applications; expand to include other applications as requested; • Complete migration of identified sites by end of Q2 FY2015 • Focus of this interaction

– FY2014: NOAA Private Cloud: provide design/build services to organize a private cloud from existing NOAA Core data centers, focused on FISMA High and some Moderate systems with sensitive information, to support data center consolidation efforts

• Out of Scope for this discussion; more information to follow later in FY2013

3 NOAA FDCCI NOAALink 4/2/2013

4

From the Beginning…

Beginning at the mouth of the Missouri, you will take careful observations of latitude & longitude … Your observations are to be taken with great pains & accuracy, to be entered distinctly & intelligibly for others as well as yourself, to comprehend all the elements necessary, with the aid of the usual tables, to fix the latitude and longitude of the places at which they were taken … Other objects worthy of notice will be … climate, as characterized by the thermometer, by the proportion of rainy, cloudy, & clear days, by lightening, hail, snow, ice, by the access & recess of frost, by the winds prevailing at different seasons, the dates at which particular plants put forth or lose their flower, or leaf, times of appearance of particular birds, reptiles or insects. from President Thomas Jefferson's Instructions to Captain Meriwether Lewis (June 20, 1803)

Source: President Thomas Jefferson's Instructions to Captain Meriwether Lewis (June 20, 1803) http://www.library.csi.cuny.edu/dept/history/lavender/jefflett.html NOAA FDCCI NOAALink 4/2/2013

5

Monticello – an early data center

• Jefferson’s “PDA/tablet” with manual uplink to his “desktop” ledgers – early BYOD…

• Continual observations on 2 continents for over 40 years

• Recruited volunteer observers (sensors) at any opportunity

Source: memory.loc.gov Source: http://www.loc.gov/exhibits/jefferson/images/vc65.jpg

4th of July readings: Hr Min Temp 6- 0 am 68. 9- 0 721/4

1- 0 pm 76. 9- 0 731/2

Source: “Weather observations,” http://wiki.monticello.org/mediawiki/ index.php/Weather_Observations (2007) “Weather observations in early American history,” http://celebrating200years.noaa.gov/foundations/weather_obs/welcome.html#earlyyear (2007) NOAA FDCCI NOAALink 4/2/2013

What Business are We In?

• The NOAA Mission: Science, Service, and Stewardship. – To understand and predict changes in climate, weather, oceans, and

coasts, – To share that knowledge and information with others, and – To conserve and manage coastal and marine ecosystems and

resources. • NOAA IT Enables Our Mission

– Mission Services we provide to our Citizens: ERMA; Habitat, IVR; – Enterprise Services we support for our internal Customers: Travel

Advisory


7 Source: Wikipedia http://en.wikipedia.org/wiki/May_2007_tornado_outb

May 4, 2007 Tornado Disaster destroys Greensburg, KS •Extended tornado outbreak May 4-6, 2007; Central United States. •Evening of May 4, about 95% of the city of Greensburg destroyed by an EF5 tornado; one of 25 tornadoes confirmed that night •84 tornadoes were confirmed reported on May 5 in the same area. •14 more tornadoes were confirmed on May 6 in the same general area before the activity subsided •14 people killed; at least 60 people were injured in Greensburg alone •Damage assessed at $268 million

NOAA Outcome: Warnings Save Lives

Source: Wikipedia http://en.wikipedia.org/wiki/May_2007_tornado_outb NOAA FDCCI NOAALink 4/2/2013

8

IT Enables NOAA’s Mission and Enterprise Services

NOAA Mission

NOAA Customers

Other Govt Academia Public International Commercial

Serv

ice A

reas

Portal Governance

Infrastructure Services

Security

Interface Services Mobile Devices Applications Social Media

Mission-Unique Services Enterprise Services

Sate

llite

s

Mar

ine

& A

viat

ion

Clim

ate

& W

eath

er

Oce

an

Res

earc

h

Fish

erie

s

HR

Fi

nanc

e Pr

oper

ty

Rec

ords

M

anag

emen

t A

cqui

sitio

n D

eskt

op/H

elp

Des

k

Voi

ce

Emai

l/Col

labo

ratio

n

Dis

sem

inat

ion

Geo

spat

ial

Transport Computing Storage Archive Facilities

Policy Customer

Relationship Performance Architecture

Change Portfolio Mission

Continuity Compliance

Service Catalog Service Registry

NOAA FDCCI NOAALink 4/2/2013

OMB Federal Data Center Consolidation Initiative (FDCCI)

• OMB Objective: Reduce data center footprint by 40% by end of FY2015

– 162 data centers not counting 122 WFOs; 40% of 162 is 65; we have closed 4 in FY12, and have 5 almost there as of March 2013

• NOAA Objective: Reduce data center footprint to approximately 20 Core Data centers, not including WFOs and other operations facilities

– Provide NOAA users with virtual data center services via NOAA Private and Public Cloud, centrally managed by OCIO Services Delivery Division

• Benefit: Reduced operating costs by reducing data center physical footprint

• FY2012 Results: Strategic concept developed; inventory updated; 4 data centers Closed;

• FY2013 Approach: Execution Project with 4 major tasks – Task 1: Inventory & Cost Modeling: What do we have now,

and what does it cost to operate? – Task 2: To-Be Architecture: The 5-year plan – what does our

end state look like? – Task 3: Cloud/Virtualization: What do we need to migrate to

cloud and virtualization capabilities? – Task 4: FY2013 Implementation: Which sites do we

consolidate, and to where? • Today is part of Task 3, with the idea to support Task 2 and Task 4

9

OMB Data Center Definition2: • a closet, room, floor or building for the storage, management

and dissemination of data and information. • Such a repository houses computer systems and associated

components, such as database, application, and storage systems and data stores.

• A data center generally includes redundant or backup power supplies, redundant data communications connections, and environmental controls (air conditioning, fire suppression, etc.) and specialty security devices housed in leased (including by cloud providers), owned, collocated, or stand-alone facilities.

• Under this revised definition, neither square footage nor Uptime Institute tier classifications are required to define a facility as a data center.

• This definition excludes facilities exclusively devoted to communications and network equipment (e.g., telephone exchanges and telecommunications rooms)

FDCCI Goals1: • Promote the use of Green IT by reducing the overall energy

and real estate footprint of government data centers; • Reduce the cost of data center hardware, software, and

operations; • Increase the overall IT security posture of the government;

and • Shift IT investments to more efficient computing platforms and

technologies

1. Kundra. (2/26/2010), Memorandum for Chief Information Officers: Federal Data Center Consolidation Initiative 2. VanRoekel. (3/19/2012). Memorandum for Chief Information Officers: Implementation Guidance for the Federal Data Center Consolidation lnitiative (FDCCI) Guiding principles for NOAA Data Center Consolidation


FY2013 Execution Project Approach

• Task 1: Inventory & Cost Modeling: What do we have now, and what does it cost to operate? – Update and maintain data center Inventory annually; initiate application mapping in FY2013 – Assess data center Non-Recurring and Recurring Costs to inform consolidation decisions – What are the costs of consolidation vs costs to remain in place?

• Task 2: To-Be Architecture: The 5-year plan – what does our end state look like in FY2018 (DUS-O Action)? – Develop Data Center To-Be architecture leading to Preliminary Design Review in Q4 – Incorporate OCIO Enterprise Architecture approach – Propose NOAA Private Cloud components – those federal data centers that will be Landing Pads for consolidation – and catalog IT

services offered at those sites (telephone, LAN, other) • Task 3: Cloud/Virtualization: What capabilities do we need to successfully migrate to cloud and virtualization capabilities?

– Assess Public vs Private Cloud technical and cost aspects and Virtualization approach, process, and risks – Work with OCIO EA and AGO to establish initial cloud services capability to support consolidation efforts – Work with OCIO Corporate Services to take advantage of Commerce web site consolidation efforts

• Task 4: FY2013 Implementation: Which sites do we consolidate, and to where? – Identify NOAA sites to be consolidated and landing pads – NOAA Private Cloud sites or NOAALink outsourced cloud service providers – Prove concept using recent, ongoing, and new efforts, e.g. College Park move; ITC lease closeout; JPSS Consolidated Backup at

Fairmont; chose from sites identified by LO for FY2013 consolidation activities – Identify initial consolidation planning for FY2014 and FY2015 based on FY2013 cost assessment

• FY2013 Results: Validated FY12 inventory; identified To-Be Architecture, including initial proposed Private Cloud sites at Boulder, College Park, Fairmont, and Seattle; initiated Cloud/Virtualization analysis with AGO; identified 19 candidate sites for FY13 consolidation efforts


What We Want to Look Like in FY2018


• Virtual data center that ties together NOAA Private Cloud and NOAALink Public Cloud assets through a central provisioning function managed by OCIO Service Delivery Division

• NOAA Private Cloud consists of approximately 20 NOAA federal facilities knit together in a cloud service fabric for FISMA-High and sensitive FISMA-Moderate systems

• NOAALink Public Cloud provided by NOAALink vendor(s) for some FISMA-Moderate and all FISMA-Low, and a development environment for all systems as appropriate

• NOAA websites to be hosted within the Department of Commerce enterprise website hosting capability being developed separately (out of scope)

Where We Want To Be: NOAA Data Center

FY2018 Architecture


NOAALink Public Clouds

FDCCI Project aligns with NOAA’s Cloud Strategy

Implementation Step Phase

Select Provision Manage Identify services for transition to cloud

X

Virtualize legacy services X? X Create “Landing pad” for cloud service requirements

X

Align NOAA’s policies and governance to enable and accelerate cloud transition

X

Conduct cloud computing training, education and outreach

X

Schedule and execute transition to cloud

X

Monitor transition progress and manage risk

X

NOAA Cloud Strategy • Reduce Overall Cost of Data Center Ownership

(CAPEX/OPEX) • Work with NOAALink partners and Line Offices to

consolidate data centers, drive down costs, and secure assets and services to better enable NOAA’s mission.

• Develop a “Landing Pad” – a vetted and ready-for-use solution.

• Once a landing pad has been established, System Owners may transition their legacy services/systems to the cloud at any time.

• Cloud service broker model: Private and Public Cloud provide services via Virtual Data Center

– Application & Data Hosting – Centralized Provisioning – Enterprise Costs Visibility

• Multi-Year Phased Migration NOAA FDCCI NOAALink 4/2/2013 13

What We Want to Learn from You

• Application & Data Hosting • Cloud Brokerage Services • Service Level Agreements • Provisioning • Costs and Visibility • Information/Cyber Security • Cloud Service Models • Transition and Migration Planning


15

NOAA Outcome: Applications Sustain Livelihoods


•America’s seaports support employment of 13.3 million U.S. workers. •In 2007, U.S. seaport activities generated $3.15 trillion annual economic output, with $3.8 billion worth of goods moving in and out of seaports every day. •Coastal watershed counties contributed $8.3 trillion to the Gross Domestic Product (GDP) in 2010, over half of U.S. GDP and 66 million jobs.

John Martin, Ph.D., “The Local and Regional Economic Impacts of the U.S. Deepwater Port System, 2007”, prepared for the American Association of Port Authorities, June 2008, p. 5. Bureau of Economic Analysis. 2011. Gross Domestic Product (GDP) for the U.S. Territories. http://www.bea.gov/national/gdp_territory.htm. Bureau of Labor Statistics. 2011. 2010 Census of Employment and Wages. Available from: http://www.bls.gov/cew/. http://oceanservice.noaa.gov/gallery/image.php?siteName=nosimages&cat=Air%20Gap%20at%20Work

USS New York uses NOAA PORTS® to head to sea, 6/27/2009

Application & Data Hosting

• Application & Data Hosting: – Approaches to identifying, inventorying, and mapping applications in situ as part of

preparing to migrate the applications to the cloud – Processes by which application code and runtimes can be migrated from NOAA premises to

cloud environment. – Processes by which associated data can be migrated from NOAA premise to cloud

environment and vice versa. – Processes by which cloud-based applications may access data hosted within a non-cloud

environment. – Timelines, with approximate duration of intermediate steps, to accomplish migration, tiered

based on size and complexity of current application hosting environment (10 hosts, 100 hosts, etc)

– Pros and Cons of Virtualizing first before moving to the Cloud – What sort of data preservation options do you offer? Is this NARA-compliant "preservation"?

Or merely high-reliability backup? – What are your file size limitations if any?


Just a Few Apps… ;-)

• Above list is not exhaustive, and not all are cloud migration candidates; some may actually be interfaces with the applications we do move to the cloud.

• “when an agency wants to have the most impact in optimizing its data centers, it needs to first rationalize its application inventory.” (OMB M13-09)

• We will use our FY2013 consolidation sites to establish the approach for an applications inventory; your suggestions or demonstrated competence are invited 17

Enterprise Service Examples of Applications in Use Human Resources webTA; eOPF; USAJobs; HRConnect Finance Commerce Business System (CBS); eCPIC; Travel Manager; Property Commerce Sunflower Tool Records Federal Register for Public Comment Acquisition NOAALink-AGO Partnership; IT Services Strategic Sourcing; C.Request Desktop/Help Desk National Service Desk Voice HQs VoIP Consolidation Email/Collaboration Universal Messaging Service (Google Apps for Government) Dissemination Integrated Dissemination Program; DOC Website Consolidation Geospatial Environmental Response Management Application® (ERMA); NGDC GIS Portal; The

Digital Coast; ESRI ArcGIS and related software Information/Cyber Security CyberSecurity Assessment Management (CSAM); HSPD-12 Identity Management;

ArcSight Log Management; Tenable Security Center (NESSUS) User Desktop Services Microsoft Office and associated applications; Adobe products;


What We Have Today: Virtualization: Average is 8.11%

050

100150200250300350400450

#VirtualOS#VirtualHost

Virtualization By Line Office

#Virt

ual H

ost

#Virt

ual O

S

Tota

l Ope

ratin

g Sy

stem

s

% V

irtua

l

Virtu

al OS

/Hos

t Ra

tio

#Virt

ual O

S pe

r V-

Host

NESDIS 103 306 2339 13.08% 306/103 2.97

NMFS 55 129 921 14.01% 129/55 2.35

NOS 105 129 619 20.84% 129/105 1.23

NWS 102 314 2737 11.47% 314/102 3.08 NWS WFO 0 4 3627 0.11% 4/0 0.00

OAR 46 149 1193 12.49% 149/46 3.24

OCIO 160 98 614 15.96% 98/160 0.61 OCIO-HPC 18 84 2983 0.00% 84/18 4.67

OMAO 9 14 95 14.74% 14/9 1.56

Total 598 1227 15128 8.11% Average 2.19


012345

#Virtual OS per V-Host

#VirtualOS perV-Host

Cloud Brokerage Services

• Cloud technology and related landscape of cloud service providers is rapidly changing. NOAA seeks solutions that will minimize the resulting impact on NOAA applications: – Capabilities where cloud offerings by multiple commercial cloud service providers

are aggregated for NOAA customers; this may include federated approaches. – Offeror provides Value-added services such as integration and customization. – Long term manageability of cloud resources is enhanced. – Integration with existing NOAA OCIO operational processes, e.g. National Service

Desk. – Examples of how a Cloud Services Broker is being employed today, and

lessons/experience from that employment


Service Level Agreements

• Service Level Agreements (SLAs): How do Offerors plan to provide and satisfy enforceable SLAs including but not limited to:

– Scalability: NOAA is seeking scalable cloud services that can adapt to changing NOAA requirements.

– Uptime/Availability: NOAA is seeking highly available cloud services environment. What availability levels do you support?

– Roles & Responsibilities Matrix: Roles and responsibilities assigned to “cloud consumer”, “cloud provider”, and “cloud broker”.

– Data Preservation and Data Redundancy. – Support call response time and problem resolution time. – Performance monitoring and system response time. – Core provisioning speed. – What End-to-end bandwidth and latency (NOAA to cloud provider) can be supported?


Provisioning

• Provisioning: NOAA seeks solutions capable of providing: – Centralized Provisioning: Services delivered on demand from anywhere via a uniform and

central interface. – Demand Flexibility: Dynamic de-provisioning to match downturns in demand. – Rapid Provisioning: Quick automatic deployment of requested resource(s). – Unplanned Demand: provisioning in response to unplanned/unanticipated user demand for

NOAA services, e.g. increases in user activities associated with ongoing or forecasted severe weather events such as hurricanes, tornadoes, or winter storms. Can your services scale dynamically to allow for flexible response to public demand during events such as major hurricane?

– Do you allow self-service provisioning of VMs? What controls can be set on these? • What level of technical support will be available to the average NOAA user? To a NOAA system

administrator? By what methods can NOAA receive support? • Do you offer IPv6 support in IaaS, PaaS?


What We Have Today: Physical Server Count by Server Type

by Line Office

0

500

1000

1500

2000

2500

3000

3500

4000 Physical Servers by Line Office

Main

fram

es

(IBM/

cmpb

le)

Main

fram

es

(Oth

er)

Win

dows

Se

rver

s

Unix

Serv

ers

Linu

x Ser

vers

HPC

Clus

ter

Node

s

Othe

r

Virtu

al Ho

sts

Subt

otal

NESDIS 0 0 634 380 955 0 64 103 2136

NMFS 0 0 379 21 360 0 32 55 847

NOS 0 0 301 63 106 0 20 105 595

NWS 0 0 490 92 1468 332 41 102 2525

NWS WFO 0 0 605 126 2853 0 39 0 3623

OAR 0 1 160 56 749 49 29 46 1090

OCIO 0 10 296 92 106 0 12 160 676

OCIO-HPC 0 0 7 0 363 2523 6 18 2917

OMAO 0 0 75 0 6 0 0 9 90

Total 0 11 2947 830 6966 2904 243 598 14499


Costs and Visibility

• Costs & Visibility: NOAA seeks cost-effective, industry competitive solutions based on enterprise cost models: • Demonstrate how NOAA will maintain visibility into program costs, metering, billing, associated schedules, technical

performance, and risks. • What kind of metrics reporting do you provide? Do users have immediate visibility into the cost model and ability to control

cost overruns? • In a multi-system environment, can you provide metered billing by application? Can you submit invoicing based on the

metered use by system that we can charge back to our internal users? • Identify notional costs to migrate applications from legacy environment to applicable cloud service, based on common

approaches. • Identify notional annual cost (comprehensive, end-to-end) to operate/maintain for three years, which can be presented as an

average annual cost per server metric; other recommended industry standard metrics are requested. • Identify industry-standard and federal pricing models for unplanned demand for NOAA services. • Current commercial or federal-approved cost models may be presented to help NOAA understand this topic. • Are you willing to enter into a "shared savings" agreement? We show the actual cost of our current operations. You propose

an alternative environment with projected savings. We split the savings equitably. You only make money if the savings are actually realized.

• How will you provide visibility into your sub-contractor cloud provider operations? • How will requirements and liabilities, e.g., for IT Security and protection of sensitive data (e.g.,Privacy Act), flow down to sub-

contractor cloud providers?


Information/Cyber Security

• Identify security benefits of moving to the Cloud. • Identify capability to host FISMA Low and Moderate applications. • Provide status of Authorization To Operate (ATO). • Rely on US-based hosting/storage/processing; some NOAA applications may not be permitted to be hosted in locations outside the United States

or its territories, and some NOAA information may not be able to be processed outside the U.S. • Identify security controls from NIST 800-53 for which Offeror will be responsible, and controls assumed to be NOAA’s responsibility to implement. • Address how you would integrate your solutions with NOAA Enterprise Security Services, including NOAA Security Operations Center (SOC)

(e.g., automated feed of audit log data for event correlation), NOAA Cyber Incident Response Team (N-CIRT), NOAA Enterprise Continuous Monitoring Operations (ECMO), and NOAA HSPD-12 identity and access management. NOAA uses the DoD Common Access Card (CAC) for HSPD-12 compliance.

• How would you support NOAA requirements for vulnerability assessment, patch management, and defense against malicious software? NOAA uses the Tenable NESSUS vulnerability scanning tool, participates in the Commerce IBM Tivoli Endpoint Manager (Big Fix) patch management tool procurement, and provides McAfee Endpoint Protection products as an enterprise service.

• How will you meet continuous monitoring requirements for control assessments, risk mitigations (Plans of Actions and Milestones) and reporting? • How would you meet Trusted Internet Connection (TIC) security requirements and how could you integrate with NOAA TICAPs? • Security concerns: How can sensitive data on file sharing servers be protected? • How is PII or other sensitive information (ITAR, EAR, Acquisition) managed in a cloud environment? • How could a NOAA organization maintain local control/management of PII and other similar sensitive information? • What will the Cloud Contractor penalty/liability be if the security requirements, activities, and deliverables are not met? • Disaster Recovery: cloud solutions that provide continuity of operations at an acceptable level in the face of a major incident or disaster. What

geographic locations do you support? • In what way do you think NOAA’s high impact systems,(e.g., satellite ground systems) could best make use of your services to satisfy COOP

requirements?


Cloud Service Models

• Cloud Service Models: NOAA is seeking vendor recommendations on appropriate service models (Software as a Service - SaaS, Platform as a Service - PaaS, Infrastructure as a service – IaaS etc.).

• What kinds of applications would you suggest NOAA implement in a private cloud? On a public one? What kinds of Linux VMs do you support?

• How would you suggest NOAA utilize PaaS in its operations? • What open source, industry standard solutions do you offer for Iaas, PaaS, SaaS? • Which services that NOAA uses do you offer in a SaaS model? • What open source, industry standard SaaS solutions do you offer? • What would you recommend for hosting 18 PB of publicly accessible data with an anticipated

dissemination requirement of around 24TB/day? What would the cost be like for your solution? • What solution would you recommend for delayed-mode reprocessing of 2 million satellite images

comprising 15 TB of data from L1B to L2 and L3? (Say, 18 TB of output)?


What We Have Today: Storage Utilization by Line Office

26

01000200030004000500060007000

SAN/NAS/DAS - Total(TB)

SAN/NAS/DAS - Used(TB)

Storage SAN/NAS/DAS - Total

(TB)

SAN/NAS/DAS - Used

(TB)

Percent Used

% of Total Avail

NESDIS 3772.80 2866.02 75.97% 20.56%

NMFS 1054.10 511.69 48.54% 5.74%

NOS 1320.21 847.71 64.21% 7.19%

NWS 2460.80 2208.60 89.75% 13.41%

NWS WFO 704.20 325.89 46.28% 3.84%

OAR 1642.70 1092.48 66.51% 8.95%

OCIO 1121.10 701.44 62.57% 6.11%

OCIO-HPC 6208.00 4044.00 65.14% 33.83%

OMAO 68.00 31.95 46.99% 0.37%

Total 18351.91 12629.78 68.82%


NOAA Report to Congress on Environmental Data and Information Systems Management 2009 (July, 2010)

Transition and Migration Planning

• Transition and Migration Planning: – Identify timelines for migration of applications to the cloud capability, including migration planning,

establish permanent cloud-based virtual application hosting environment, actual migration duration. – Identify other migration planning requirements that need to be provided by NOAA. – Planning for onboarding existing applications to cloud capability. – Assisting NOAA Line Office users in developing cloud capability to support emerging needs.

• Data ownership and portability: Even companies that seem to dominate their industry can fail; if your company ceases to function, or is bought by a foreign entity, how do we get our data back so we can migrate it to a replacement data center?

• Exit Strategy: NOAA is seeking solutions that provide a reasonable exit strategy and prevent vendor lock-in. Offerors’ solutions should include:

– Provisions for data exchange – Provisions for data portability – Remedies in case of failure to meet SLAs


28

NOAA Outcome: Science Informs Decisions


LTJG Heather Moe, NOAA Corps, explains atmospheric research being conducted at NOAA’s South Pole Atmospheric Research Observatory (ARO) to Norwegian Prime Minister Jens Stoltenberg (December 2011). The Earth System Resources Laboratory Global Monitoring Division, within the NOAA Office of Oceans and Atmospheric Research (OAR), manages five such observatories, which contribute measurements to 3324 data sets provided to the general public through the ESRL website. Photograph by Peter Rejcek, National Science Foundation, December 13, 2011; www.usap.gov.

What do We Need from Our NOAALink Partners?

• Public Cloud Services landing pad(s) that can support our NOAA business customers, especially for FISMA Low and Moderate systems, starting with the following applications, and capable of expanding as needed – NOS Environmental Response Management Application (ERMA) – NMFS Habitat Restoration Atlas – NOS CO-OPS Interactive Voice Response System – NWS International Affairs Travel Support Application


30 NOAA FDCCI NOAALink 4/2/2013 30

NOAA Outcome: Partnership spreads knowledge

NOS Environmental Response Management Application (ERMA)

• Host and serve public-facing content that comprises the Environmental Response Management Application (ERMA). • Information on servers can be regularly updated by NOAA staff and automatic periodic updates (e.g., hourly, daily, weekly)

from servers at Federal agencies contributing content. • The Service can be re-configured by NOAA at will through a web interface and machine-to-machine interface allowing NOAA

to run, for example, run a mix of server sizes and to add additional server and storage and bandwidth resources as necessary.

• Provide scaleable and burstable bandwidth and infrastructure. • Provide capability to utilize cloud service provider IP space on government owned DNS. • Provide a geographically load balanced (within the CONUS) virtualized solution that meets or exceeds the following:

– Be capable of adding virtual machines within 30 minutes of agency request. – Be comprised of VMs with 8-16 cores with 16GB of RAM. – Be IPV6 Compliant – must route IPV4/6 packets. – Have bandwidth capable of supporting 0.5GB/s read and write. – Have a content delivery network available for load balancing repeated functions in order to minimize VMs needed for

the core application. – Have Required “line rate” for inter-VM communication: 1GB/s. – Have Required IANA IP addresses per ERMA site: up to 4



• The Hosting environment to support the following scenarios and the accompanying data transfer requirements: – Standard configuration (situation where ERMA is being used for standard agency operations and/or small to medium environmental

response incidents). • Capability to hand 325,000KB of data transfer per 24 hour period. • Capability to handle 1GB of data transfer during a peak 24 hour period.

– Large scale Support for Response Community Configuration (standard configuration plus support of large scale environmental response, but minimal public interest)

• Capability to hand 325,000KB of data transfer per 24 hour period. • Capability to handle 1.6GB of data transfer during a peak 24 hour period. • Duration of increased capacity could be 3 days to 3 months.

– Large Public Interest Configuration (Large Scale Response Community configuration plus support for public facing sites including coverage in national news)

• Capability to hand 22GB of data transfer per 24 hour period. • Capability to handle 66GB of data transfer during a peak 24 hour period.

• Be FedRAMP compliant or in the process of obtaining FedRAMP compliance. • Enable for zero-exit costs (e.g., no lock in) to migrate to other providers or to government if necessary. Migration mechanism/media will be

designated by the government. • Document activities associated with the transport of Federal agency information stored on digital media and employ cryptographic mechanisms to

protect the confidentiality and integrity of this information during transport outside of controlled areas. • Provide a mechanism for NOAA/NOS bulk retrieval of all data, scripts, software, virtual machine images, and so forth such as mirroring or copying

to NOAA/NOS supplied industry standard hard drives. • Provide a secure, dual factor method of remote access to allow NOAA/NOS designated personnel the ability to perform duties on the hosted

infrastructure. This access should allow for clientless (web-based) access. Support secure provisioning, de-provisioning and administering [such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS) or Secure Shell (SSH)] in its service offerings. 32 NOAA FDCCI NOAALink 4/2/2013


• All systems in the Virtual Environment are backed up with an industry standard solution that allows for the following: – Restoration of an individual file or folder on request as outlined in the SLA. – Daily differential and weekly full backups. – Backed up on media appropriate for long-term off-site storage. – Backup of virtual machine files. – Administer, maintain, and test all virtual machine and system backups in accordance with DOC/NOAA standards. – Back-ups to be stored in a secure off-site location with weekly transfers from host to storage site on a 6 month rotation schedule. – Semi-annual permanent backups will be retained with the first full backup serving as the first annual backup and the anniversary date for permanent

backups. – A temporary increase in back-up frequency and off-site storage requirements must be accommodated to support incident specific requirements such as

Litigation Hold for Damage Assessment investigations. – Pricing structure should include daily updates with permanent transfer of back-ups to the government via government provided transfer mechanism(s).

• Provide the following optional enhanced managed security services. – Log Aggregation & Analysis. – Forensics – Full Packet Capture. – WAF (Web Application Firewalls) – software-based application layer firewall protection providing a secondary layer of security at application layer. – Network Flow Analyzer. – SEIM (Security Even Information Management) reporting to correlate events collected from all deployed security devices and services. – Managed Application Scanning. – Managed Data Leakage Prevention. – Managed Host-Based Intrusion Prevention Service.

• Protect personally identifiable information (PII). Protect against unauthorized access, disclosure or modification, theft, or destruction. Ensure that the facilities that house the network infrastructure are physically secure.



NOAA Outcome: Research Protects Endangered Species

Photo by Jerry Burcham; http://www8.nos.noaa.gov/onms/park/Parks/ SpeciesCard.aspx?pID=8&refID=6&CreatureID=731

http://www8.nos.noaa.gov/onms/park/Parks/

NMFS Habitat Restoration Program

• Provide ability to publish and update five core map services that would serve internet accessible, ESRI-compatible, point and polygon data to be consumed by web applications and desktop GIS users; anticipated usage is low, approximately 1000 user “hits” per month.

• Provide ability to update services as needed (~monthly updates on several services expected). • Support server-side data storage needs that would not exceed 10Gbytes. • Maintain data files in geodatabase format (please advise if other options are available, and

explain benefits). • All data is public and non-sensitive with no access or use constraints (FISMA Low). • Provide NOAA and non-NOAA users with account access to ArcGIS or compatible software to

modify and publish services as needed. • Provide NOAA and non-NOAA users with appropriate access to upload and modify data in a

geodatabase as needed. • Provide the ability to publish additional ad-hoc services for testing and development purposes. • Provide development & testing environment for access by NOAA government & contractor staff. • Leverage existing licenses or planned enterprise licensing for ESRI software applications. • Provide data backup services as an optional component. 35 NOAA FDCCI NOAALink 4/2/2013


NOS CO-OPS Interactive Voice Response (IVR) System

36


NOS CO-OPS Interactive Voice Response (IVR) System

• Cloud-based IVR to replace existing voice response system physically located within CO-OPS Silver Spring office • Virtualized and expandable voice system; offeror provides all applicable hardware, software, and requisite phone numbers virtually,

and all hosted physically by and with the IVR. Offeror will support porting of existing numbers to their system, and reporting of the numbers to a new cloud provider when necessary.

• Virtual server can be re-configured by CO-OPS at will through web interface and machine-to-machine interface allowing NOS to add additional voice response numbers at will. CO-OPS will have ability to add/remove/update voice response messages and systems.

• The infrastructure shall be a virtualized hosting environment; scalable and burstable bandwidth and infrastructure; provide a technical foundation which allows for CO-OPS to utilize a fully scalable IVR system; provide flexible and reconfigurable technical foundation to respond to developing Internet trends and government needs; and enable for zero-exit costs (e.g., no lock in) to migrate to other providers if necessary.

• CO-OPS IVR has the following requirements: – Vendor must host their own hardware (cloud) and be responsible for patch management. – Vendor must interact with CO-OPS via a web accessible application programming interface (API). – Vendor must support text to speech; both voice and SMS based customers; numeric input from touch-tone phones &SMS – The IVR vendor must support logic-driven application programming . – The IVR vendor must provide 24x7x365 professional support services. – The IVR vendor must support at least 100 simultaneous callers to a given number. – The IVR vendor must support the transfer of existing 1-800 numbers to and from their system. – The IVR vendor must provide call statistics for each hosted number through a web interface. – The IVR vendor must interface with CO-OPS information systems via standard HTTP GET/POST calls.

• Availability of base IVR system within 2 weeks from date of contract award. • Must meet NIST SP 800-53 rev 3 security controls & FedRAMP Information Technology Systems Security Requirements.

37

NWS International Affairs Travel Support Application

• The application will be accessible via the Internet using either personal computers or mobile devices. • Provide a mechanism to allow the user to log into the application, preferably using NOAA LDAP and NOAA HSPD-12 CAC solutions. • Allow NOAA-designated managers to manage user accounts, including add/change/remove actions as

needed • Protect personally identifiable information (PII) following Commerce PII policies and procedures • Provide capability to support email use from within the application; NOAA’s standard email solution is Google

for Government, known as Universal Messaging Services (UMS). • Provide telephone access to support technician 24/7 in case of emergencies (4 hour SLA window minimum). • For reference, the current application resides on servers configured as follows:

– allow email to be sent via SMTP. – allow for DNS lookups from within the environment – 8GB dedicated memory; 80GB system drive; 300GB data drive; 64-bit processor (4 cores) dedicated availability

• Provide licenses (including pricing for the following software components: – SQL Server 2008R2, Enterprise; SharePoint Server 2010, Enterprise; SQL Server 2008R2 Reporting Services;

Antivirus


What Comes Next?

• Your Turn… – One-on-one sessions with NOAA Business and IT Leadership; – If there is a question you think we should be asking, we want to know, so please

share… – Friday, April 5, 2013, starting at 0900, for one hour; – Share your thoughts; explain your demonstrated, proven approaches; address our

questions; ask your own • Post-session summary by April 19, 2013 • Off to the races with AGO • Target is Cloud Landing Pad in Q4 FY2013 • Your POCs: NOAALink Program Office

– Cathy Ossi, Ash Dawood 39 NOAA FDCCI NOAALink 4/2/2013

NOAA Data Centers: What We Look Like Tomorrow…

Thank You for Coming! Questions?


Documents

NOAA Federal Data Center Consolidation Initiative … Toolkits/The Cloud... · NOAA Federal Data Center Consolidation Initiative (FDCCI) FY2013 Project Overview A briefing to the