Defense Information Systems AgencyA Combat Support AgencyEnterprise Computing andCloud Initiatives: A Report CardAlfred J. Rivera29 July 2010Director, Computing ServicesDISA

A Combat Support AgencyAgenda Enterprise Computing in DISA– Operational, Business, Financial– Partnerships & Opportunities “The Cloud”– DISA’s Tenets– Progress to date– Service Models & Future Offerings2

A Combat Support AgencyEnterprise ComputingDECC EUR (Stuttgart)(2600 sq-ft expansion Dec 09)Remote SystemsManagement PKI RCVS HBSS Cross-Domain (BICES) Rel DMZRemote SystemsManagementDECC PAC (Pearl) Missile Defense C2BMC GCSS-JTF CENTRIXS ISAF GRIFFINCommand & ControlGlobal Combat Support System (GCSS)Theater Battle Management Core Systems (TBMCS)Warfighter LogisticsDefense Distribution Standard System (DSS)Transportation and cargo movement systemsCombat requisition and maintenance systemsTECCTECC-SWA (Bahrain)(1700 sq-ft expansion Dec 09) AKO/DKO Forward DLA Forward VoSIP MHSDoD Financial and SecurityMilitary and Civilian Pay & PersonnelElectronic business and contracting systemsPublic Key Infrastructure (PKI)Health & Medical ReadinessComposite Health Care System (AHLTA)Defense Enterprise Computing Centers (DECCs)33

A Combat Support AgencyComputing at the Edge:GIG Content Delivery (GCDS)Legend:DECCGCDS Nodes What: Distribute content and extendcomputing to the Edge––– 50 Regions/25 CitiesDeployed deep into SWASIPR (20 Nodes) and NIPR (24 Nodes)Who (# Applications): Army (4), Navy(8), AF (4), USMC (2), DoD (28) Impact:–––Saving millions in IT expansionEnd user performance gain as much as 30timesSignificant bandwidth off-load 2X to 30X Performances Improvements85.7% DISN Bandwidth Offload (avg.)Extending Computing Power to the Edge44

A Combat Support AgencyPercentage ChangeComputing Technology& DECC Evolution1800%Mainframe ProcessingDistributed ProcessingCloud Computing1600%1400%IBM & UNISYS platformsClient-Server solutionsServer VirtualizationInternal storageStorageArea Networks (SAN)Services- based acquisitions1200%Centralized databaseprocessing1000%Full data replication (sinceFY00)Enterprise resource Planning(ERP) implementationsUtility pricing2002-2008200620072009800%Dynamic provisioningSilosVirtual TapeSystems600%400%Storage WorkloadServer 0042005200820082010Continuous DECC consolidations and transformationshave yielded significant reductions in unit cost20115

Server & Storage RatesA Combat Support AgencyUNIX Rate and Workload 100,000 90,000 80,000 70,000 60,0001,400 4.00TBsAnnualized40,0001,200 3.5035,000 3.0030,000 2.5025,000 2.0020,000 1.5015,000400 1.0010,000200 0.505,0000 0.001,000800 50,000 40,000600 30,000 20,000 10,000 FY07FY08FY09RateServer Storage Rate and FY10FY11WorkloadIncludes basic & hardware services – small OEWindows Rate and WorkloadAnnualizedOEs 40,000IBM CPU Rate and WorkloadCPUHours3,0006,000 100.00 35,0002,500 30,0005,000 80.002,000 25,000 20,0001,500 15,0004,000 60.003,0001,000 40.002,000500 20.001,000 10,000 5,000 -0FY07FY08FY09RateFY10WorkloadIncludes basic & hardware services – small OEFY11 0.00-FY96FY01FY07RATEFY08FY09FY10FY11WORKLOAD6

A Combat Support AgencyEnterprise ComputingPartnerships Consolidations of enterprise applications/systems Application hosting support for BRAC migrationsOpportunities Server optimization using capacity servicesand virtualization technologies Global services support– GIG Content Delivery System– HBSS– DoD DMZ Desktop-centric solutions for commonservices– Active Directory, Exchange,SharePoint Grid Virtualization supporting dynamiccomputing services – Integrated Orchestration Computing support at the Edge– Remote management of regional nodes Agile software development/self provisioning support77

“The Cloud”A Combat Support AgencyA model for enabling convenient, on-demand network accessto a shared pool of configurable computing resources (e.g.,networks, servers, storage, applications, and services) thatcan be rapidly provisioned and released with minimalmanagement effort or service provider interaction. (NIST)CharacteristicsRapidElasticityOn DemandSelf-ServiceBroad AccessResourcePoolingMeasuredServiceWhat’s new?Acquisition Model:Based on purchasingof servicesTechnical Model:Scalable, elastic,dynamic, multitenant, & sharableAccess Model: Overthe network to ANYdeviceBusiness Model:Based on pay foruseComputing As A Service8

A Combat Support AgencyAcquisition Model:Capacity ServicesOrders to dateInnovative Services Contracts Vendors provide capacity to CSD:––––– Processor Benefits––––– Acquire processing, storage andcommunications capacity as a servicePay much like a homeowner pays forutilities, e.g., by megawatt-hours, BTUs,call-minutes, CPU-hours consumedInstallDe-installMaintenance (both HW and SW)Reduces time to add capacityReduces overheadSimplifies our cost driversStreamlines operating systemmanagementFacilitates technological currencyCapacity is managed by CSD personnel 1251 Total Orders Completed82% of IBM Mainframe MIPS replacedAverage delivery timeline of 10 days 12 days for mainframe 15 days for server 125 orders took less than 5 days 443 orders took between 5-14 days 247 orders took more than 14 days 2 hour provisioning wherecapacity availableStorage––– 502 Total Orders Completed36 Disk capacity assets installed4544 Storage networking fibre portsAverage delivery timeline of 14 Days 7 Days for Disk 11 Days for Network PortsSpeed, Agility, Utility Pricing, Reduced Overhead& Technology Currency9

A Combat Support AgencyTechnical Model:Standard Architecture - Server Windows / Linux– HP BL460c / BL490c blade, c7000 enclosure, CISCO 3020 switches Mini:Small:Large:Enterprise: 1 socket & 4 GB memory 1 2 sockets & 8 GB memory 2 4 sockets & 16 GB memory 4 sockets & 32 GB memory Unix– Sun – T5220; M5000– HP – BL860c; RX3600; RX8620 Mini:Small:Medium:Large:Enterprise: 1 socket & 4 GB memory 1 2 sockets & 8 GB memory 2 4 sockets & 16 GB memory 4 8 sockets & 32 GB memory 8 21 sockets & 64 GB memory Virtualization - Drive virtualization as much as possible– VMware on x86 ( 10 VOEs per host)– Logical domains (LDOM) on shared Solaris environment– Virtual Server Environment (VSE) on shared HP-UX environmentStandards Economies10

A Combat Support AgencyTechnical Model:Virtualization Basic concept– First implemented more than 30 years ago by IBM as a way tologically partition mainframe computers into separate virtualmachines– Speed and capacity of processors, memory, network andstorage have outpaced the needs of most applicationsCurrent virtual environments: 1012 VOEs 147 Hosts 4 Racks 253 Windows Licenses 160 Network Cables 20 SAN CablesIf these weren’t virtualized: 1012 Blade/Servers 22 Racks1012 Windows Licenses1024 Network Cables128 SAN Cables41% virtualized using capacity services11

Access/Business Model:Rapid Access Computing Environment (RACE)A Combat Support Agency1 October 2008Development/Test24-hour automatedprovisioningCustomer root accessAbility to promote from Devto TestStandard CSD OperatingEnvironments (LAMP &Windows)Minimized and streamlinedaccreditationIncrease capacity 24 hoursMonth-to-month serviceReduced costTodayProductionUser self-serviceprovisioning within thePRODUCTION environmentAbility to promote from testto tablished inherited IAcontrolsFY10 InitiativesSIPRNet deploymentComplete integrate accreditationautomation processesContinue to refine RACE PortalInterface with Forge.Mil ProjectsComplete integration with DISAstandardized configurationmanagement system (BladeLogic)User Self-Service Highly Standardized Cost Effective Fast12

A Combat Support AgencyDISA’s Cloud MaturityCloud processing currentlylimited to x86 virtual OEsCapacity Services PlusCommercial BestPractice13

Services Deployment ModelRoadmapA Combat Support AgencyCurrentIaaSHighUtilityPaaSNear TermSaaSPaaSEnterprisePortalSelf-ServicePortalRace Dev trationC&A as aServicePath-ToProductionWeb HostingSaaSRace Dev &TestSharePointas a ServiceUtility-BasedElasticityITSM as aServiceType AccreditedWeb HostingMediumUtilityeMASSATAAPSCapacity Services VOEsfor Standard SolutionsCapacity Services VOEsfor Custom SolutionsCapacity Services VOEs forStandard SolutionsWeb HostingCapacity ServicesVOEs for CustomSolutionsCapacity ServicesVOEs for onsCGOALSolutionsTarget Services14

Platform as a Service:A Combat Support AgencyDISA’s SharePoint InitiativesDedicated SharePoint 2007Dedicated SharePoint 2010Enterprise SharePoint 2007JUNEAUGEnterprise SharePoint 2010NOVOffice Web App Demo JAN 2011VOfficeDedicated SharePoint– MOSS 2007 with upgrade path to SharePoint 2010– Cost for dedicated hardware Enterprise SharePoint Services (ESPS)– Available in Aug on MOSS 2007 – Shared Governance– Upgrade to multi-tenant SharePoint 2010 Office Web Applications (VOffice)– Web versions of Word, PowerPoint, Excel, OneNote– Capability demonstration – DoD Visitor scenario– Optional service for ESPS15

A Combat Support AgencyPlatform as a Service:A current case studyATOUSAFDevelopmentPre-Production (Test)ESC develops Services andtests them in the IT-LCServiceBoundaryProduction Support (Help Desk)Production (Run-time)SaaS – AF ESCWeb Services (Code) / ERP /MashupPaaS ‐ DISASupportingSystemsMiddlewareOperating System InstanceCSDCapacityServicesDISAC&A of Services is AirForceResponsibility (AF DAA)C&A of Platform is DISAResponsibilityVOEsPhysical/Virtual ServerFacilitiesPhysical ServersPaaS Enterprise Middleware J2EE 1.6 and .NET 3.5 Windows Communications Foundation - runtime application programming interfaces forbuilding service-oriented applications ERP Platform (SAP/Oracle) Data aggregation via Enterprise Mashup Markup Language ( EMML) - JackBeOperating Model Customer brings code only ; DISA provides operating stack and all support services Profound impact on IA accreditation model1616

A Combat Support AgencySummary Understand that it’s a journey– Recognize that the infrastructure fundamentalsmatter– Know the “marketplace” and warfighter needs– Agility in processes will continue to be refined Close partnership with our customers isimperative– Work together early to avoid misfires– Collective buy-in on computing direction Brutal standardization– Drives the economic savings17

A Combat Support Agency18

TargetService PlatformA Combat Support AgencyEnd UserDoD Store FrontCommon Entry Point - User Defined Pages - Widget MarketplaceCustom App 1Collaboration, etc.User Facing Enterprise AppsSIPRCloud OperatingEnvironmentEnterprise Mashup Engine(Delivers basic platform unit whereapplications execute)Widget FrameworkVirtualNetworkCOI ngResources(Registry, MDR)(xxForge,)(Harnesses,Security CTKs,Test Data Sets)COI Specific(e.g. C2, Log, Business)ApplicationComponent LibraryDevelopment Tools(All preconfigured for RACE hosting)(Forge provided or Forge compatible)VirtualSecurityMulti-tenancy Services(Services optimized for tenants of the platform. Web Service Interfaces use REST or SOAP)AAUP* ServicesOtherCOI ServicesM2M & JUMRCVSESM .GCDSAttribute Services . .CDESPEP/PDP Service . .UDDIEnt User Account Store . .Data Exchange/Delivery ServicesCommon DeveloperAdmin uteCustom nLAMP & WinTel stacksSharepoint, DBs, PEP/PDP Unified OrderingProcesses .DCO , White Pages,(Integrated Netops across network, computing & services)Unified Provisioning& AdminVirtualization/Cloud Resource Mgmt FabricPhysical Infrastructure (Machines & Facilities)Version 1.6 as of 8 Apr 10AAUP Authentication, Authorization & User Provisioning19

Global Content Delivery (GCDS)A Combat Support AgencyGlobally Distributed Enterprise Computing InfrastructureSaving Millions in IT Expansion Costs for DoD50 Regions in 25 cities/12 Countries Deployed Deep in SWADISA’s First Cloud ServiceAccelerating Collaborative Applications to Warfighters2X to 30X Performances Improvements85.7% DISN Bandwidth Offload (June)NIPRNETSIPRNETNIPRNET / SIPRNET PENDINGINSTALLATION46 Multi Service Enterprise Applications LIVEService & Mission Support Portals, Geospatial & eLearningApplications, Large File Downloads (Anti-virus, MS Patches, CRL)Adjusting Quickly to Changes in Network ConditionsDemonstrated availability in theater during Mideast cable cutsGCDS Applications Remained Operational at all timesExcellent Customer Feedback & ReputationDISN 283010528SIPRNET201218528TOTAL4842281056Extending Computing Power To The Edge20

A Combat Support AgencyEnabling the CloudEnvironment solidationCapacity ServicesVirtualizationContent DeliveryRapid Provisioning Services– Software (SaaS)– Applications– Communications Processes––––Metrics & benchmarkingITILService Level Management (SLM)Security (Certification &Accreditation (C&A))It’s A Journey21

A Combat Support (Software Development)Systems Development Life Cycle (SDLC)AnalysisDesign The logical processused to develop aninformation system Includes requirementsvalidation, training, andMaintenance user ownershipPlanning Works like a library –Code checked out,worked on, & checkedImplementationinDoD SDLC First standardized approach toan enormous problem Proven development model Based on the open sourcecommunity’s “Bits & Pieces” Public: Freely available to all DoD usersShared: All DoD users can access the same code development environment forDoD open source and community source softwareAvailable: TodayCommon evaluation criteria and an agile certification process to accelerate thecertification of reusable, net-centric solutionsAvailable: TBDPrivate: Allows a closed development environment for DoD projects andprogramsFee-for-serviceAvailability: TodayDoD’s Software Development Life Cycle22

OS ServiceA Combat Support AgencyService PlaneCustomerOfferingUnit ofdeploymentSupportingSystemsEnterprise CustomerPHPOperating EnvironmentOEApplicationLAMP StackOperating System InstanceServerFacilitiesGeneric System Description PlaneusCtppAreomechaApQySMLProduct PlanesceivrSe xity inuca LapCCCEDCustomer support role under IaaS FrameworkCSD Proposed Services under IaaS frameworkCSD Current Services23

Composite Health Care System (AHLTA) DECC EUR (Stuttgart) (2600 sq-ft expansion Dec 09) PKI RCVS HBSS Cross-Domain (BICES) Rel DMZ. TECC-SWA (Bahrain) (1700 sq-ft expansion Dec 09) AKO/DKO Forward DLA Forward VoSIP MHS. DECC PAC (Pearl) Missile Defense C2BMC GCSS-J