Racing Ahead with Cloud Computing

Written by Harrison Donnelly

MIT 2009 Volume: 13 Issue: 11 (December)

 

After launching an enhanced version of their cloud computing initiative this fall, Defense Information Systems Agency (DISA) officials are working to expand what one calls “the next step in the evolution of service delivery” into the classified arena early in 2010.

First implemented in October 2008, the Rapid Access Computing Environment (RACE) initially allowed for the rapid delivery of test and development environments. The recent release allows Department of Defense users the ability to selfservice provision operating environments within the highly secured Defense Enterprise Computing Center (DECC) production environment.

With its rapidly accessible and scalable computing infrastructure, RACE uses virtualization and the capability of cloud computing to offer DoD customers platform/infrastructure as a service in both test and production environments.

“We released the new version, which allowed users to self-service provision not just inside the test and development environment, but also within the production environment,” said Henry J. Sienkiewicz, technical program director, DISA Computing Services, who is leading the initiative. “For us, that was a big step along the path of allowing users to have quick access to highly standardized commodity services from the secure DECCs.”

RACE’s quick-turn computing solution provides DoD customers with highly standardized computing platforms quickly, inexpensively and securely. With RACE allowing for provisioning within the production environment, customers get self-service provisioning with streamlined accreditation. Users can customize, purchase and receive their test and development computing platform within 24 hours, and production environments within 72 hours.

Customers get pre-established inherited IA controls as well as the ability to promote projects and programs from test to the production environment. SAN storage up to 1TB per RACE operating environment is also now available, with additional storage from 10GB to 1TB in 10GB increments available.

ACCREDITATION PROCESS

A key goal of the new version of RACE, Sienkiewicz explained, was to streamline the accreditation process for ensuring the security of applications.

“When we looked at some of the impediments to rapidly developing and deploying applications inside the DoD environment, we realized that we also had to look at the accreditation piece. When we look at the type of applications and their characteristics, we are risk averse on what we are introducing inside the production environment. So the RACE team also took on as part of their charter the goal of streamlining accreditation,” he said.

Accreditation is the analysis of the complex IA control mechanisms— including making sure an application runs properly within a Security Technical Implementation Guide (STIGed) environment, which requires certain attributes of both infrastructure and application.

“What we had to do was to map out all the possible permutations of the IA controls,” Sienkiewicz said. “We identified which pieces we could ‘bake’ straight into the infrastructure. As a project or program manager goes through the accreditation process, if they built it within our standardized environment, they inherit those controls. That’s a definite change in how we’ve traditionally done the accreditation process.”

The solution developed to meet that need is called the “path to production.” By using business modeling and inherited information assurance controls, the new system is able to cut the time required for an accreditation package in half, from an average of 80 days to 40 days.

Sienkiewicz explained the focus on accreditation this way: “While it’s easy enough to spin off a virtual machine, it doesn’t do our end-users any good if they can’t have applications that they can put there. So we have to figure out the accreditation piece. We recognize that, as a large provider of complex IT services to the department, our charter is to help warfighters get the functionality they need. Web 2.0 technologies, virtualization and social networking have really pushed that decision-making cycle. As a large provider of services, we need to be able to find a way to deliver that functionality.”

Another piece on the agenda is to allow users to provision not just on NIPRNet, the unclassified network, but also on SIPRNet, the classified network.

“We are committed to delivering that functionality in the second quarter of the fiscal year,” Sienkiewicz said. “The project is on time and target. It’s not just allowing users to be able to self-service provision, test, develop and produce in the unclassified world, but also recognizing that, especially for our command and control systems, we have to enable them to provision in the classified world.”

He added that the more stringent security requirements of the classified network would pose significant, but still manageable issues. “We already run a significant classified processing environment. So some of the fundamental pieces have been built to take SIPRNet into account.”

HOLISTIC APPROACH

Sienkiewicz emphasized that the RACE effort was one element of a holistic approach that relied on close cooperation throughout the agency and with other military organizations and industry. “It’s been a whole series of business process reengineering efforts on behalf a lot of organizations within DoD, as well as our business partners. It’s been a lot of team members thinking through tough problems. If we can shift the bar further to the left, we will be able to provide functionality to warfighters much more quickly,” he said. “We are fortunate in the agency in that we have a chief information assurance executive, Richard Hale, who is one of the outstanding minds in this field; Mark Orndorff, director of DISA’s Program Executive Office for Mission Assurance and NetOps; and our field security people, led by Bill Keely. We have an extensive team focused on ensuring that we’re running this environment safely and securely. We have partners on the commercial side as well as within the department to make sure we’re doing this the right way.

It has been a huge teaming effort across the agency, including our accreditor, Bobbie Stempley, the agency’s chief information officer. She’s the one who greenlighted the project, to keep going forward in making sure we do this the right way.”

The project also reflects DISA’s changing acquisition strategy, which involves moving from a capital expense to an operational expense model, in which processors and storage are acquired as services from a series of vendors. “That’s one of the foundational elements to ensuring that we’re able to do these types of enhancements to service delivery,” Sienkiewicz said.

RACE also dovetails with the agency’s Forge.mil project, a collaborative development environment/toolset designed to improve the process of writing and deploying software code for military uses.

“We’re doing this as one holistic solution for the department, coupling Forge, accreditation streamlining and the ability to do user self-service provisioning of appropriate resources. We’re getting a comprehensive solution set,” he noted.

SILVER LINING

Since DISA Computing Services is a working capital fund organization, funding for RACE comes from users. The basic rate is $500 per month for each virtual machine, and is adjusted as more operating environments grow.

When users do self-service provisioning, they can start by providing a government credit card or an intradepartmental funding request.

Sienkiewicz declined to provide specific figures on RACE use, noting that usage ebbs and flows and that the project is still in its early stages. But for the future, he has no doubts that the RACE cloud will have a silver lining indeed, providing dramatic efficiencies for the DoD customer.

“When we look at the cloud and cloud-like offerings, I see it as a whole series of data center fabrics, where we have virtualized environments that people are able to access in an ad hoc nature— highly dynamic and elastic in nature, rapidly scalable and possibly from across multiple data centers.

“I see us allowing users to use composite computing—mashedup applications that enable them to yank out applets, composite them, use them as they need them, and then spin them back, so that warriors are able to put together what they need, solve the problems at hand, and turn them back without having to worry about doing the acquiring and meeting institutional requirements,” he said. ♦

Back to Top