
How Does DoD View the Cloud National Defense Industrial Association 12 October 2011

How Does DoD View the Cloud National Defense Industrial Association 12 October 2011. Mr. Robert J Carey Deputy Chief Information Officer Department of Defense. The Warfighter & DoD Workforce Expects, Deserves & Requires. …Access to information… Anytime and Anywhere ….


Presentation Transcript


  1. How Does DoD View the Cloud National Defense Industrial Association 12 October 2011 Mr. Robert J Carey Deputy Chief Information Officer Department of Defense

  2. The Warfighter & DoD Workforce Expects, Deserves & Requires … Access to information … Anytime and Anywhere … From fixed bases to the tactical edge … Risk Management vs. Risk Avoidance approach

  3. …and this is where we do our work

  4. VIEWS OF THE ENTERPRISE

  5. VIEWS OF THE ENTERPRISE

  6. VIEWS OF THE ENTERPRISE

  7. OUR ENTERPRISE IS NETWORKED PEOPLE, ORGANIZATIONS & TECHNOLOGY THAT ENABLE AN INTEGRATED, HIGHLY CAPABLE WARFIGHTING TEAM. VIEWS OF THE ENTERPRISE

  8. DoD Information Enterprise - Working Toward Cloud Computing
     IT Systems
     • >10,000 Operational systems (20% mission critical)
     • ~750 Data Centers
     • ~67,000 Servers
     • ~7+ million computers and IT devices
     • Thousands of networks
     • Thousands of email servers, firewalls, proxy servers, etc.
     DoD IT User Base
     • 1.4 million active duty personnel
     • 750,000 civilian personnel
     • 1.1 million National Guard and Reserve personnel
     • 5.5+ million family members and military retirees
     • 146+ countries
     • 6,000+ locations
     • 600,000+ buildings and structures
     Total IT Budget
     • >$38 Billion in FY12
     • >$16 Billion in IT Infrastructure
     • >$3 Billion for Cyber Security
     Enormous Size, Scope, Diversity and Complexity

  9. DoD’s Strategy for Operating in Cyberspace (DSOC)
     5 Pillars
     • Cyberspace as a domain
     • New defense operating concepts
     • Extending cyber defenses
     • International partners
     • Technology and innovation
     Keep Pace With Technology - Get In Front of the Threat

  10. DoD’s Strategy for Operating in Cyberspace (DSOC)
     5 Pillars
     • Cyberspace as a domain
     • New defense operating concepts
     • Extending cyber defenses
     • International partners
     • Technology and innovation
     Cloud Computing supporting DoD’s Cyber Strategy

  11. DoD IT Enterprise Strategy and Roadmap
     • Effectiveness: Improve mission effectiveness and combat power throughout the Department
     • Efficiency: Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department
     • Cyber Security: Improve the security of DoD networks and information from all threats
     Consolidate Infrastructure to Better Operate and Defend

  12. IT Enterprise Strategy and Roadmap – Initial Actions
     1. Data Center & Server Consolidation
     2. Consolidate Security Architecture
     3. Implement Cross Domain Solution
     4. Network Standardization / Optimization
     5. Implement Enterprise Identity Management
     6. Enterprise Messaging & Collaboration
     7. Enterprise Hardware/Software Procurement

  13. The Vision
     [Diagram labels: Personal Storage; Data Sources; Web Enabled Applications; Identity and Access Management; “Enterprise Information Environment”; Mobile Device; Thin Client; Thick Client]
     • All data reachable through the “Enterprise Information Environment”
     • Users/systems accessed using Identity and Access Management
     • Web Enabled Applications available to manipulate data in the “Environment”
     • Access with Thick Client/Thin Client/PDA/any waveform/the Internet from Anywhere
     • Easily accessible, reliable and survivable computing platforms
     • Supported by a flexible, robust and protected mesh of communications media

  14. Data Center Optimization “Franchise” data centers Global Footprint Core Computing Infrastructure for DoD’s Cloud

  15. Enterprise Data Center Evolution
     • Cloud Computing
     • Server Virtualization
     • Services-based acquisitions
     • Dynamic provisioning
     • Utility pricing
     • Mainframe Processing
     • IBM & UNISYS platforms
     • Centralized database processing
     • Full data replication (since FY00)
     • Silos Virtual Tape Systems
     • Distributed Processing
     • Client-Server solutions
     • Internal storage Storage Area Networks (SAN)
     • Enterprise Resource Planning (ERP) implementations
     [Chart: Percentage Change in Storage Workload, Server Workload and Cost, 2002 to 2011]
     Continuous DECC consolidations and transformations have yielded significant reductions in unit cost

  16. Enabling Data Center Consolidation through Virtualization
     Leveraging excess capacity created by the rapid growth in the speed and capacity of processors, memory, network and storage
     Current virtual environments:
     • 1012 VOEs
     • 147 Hosts
     • 4 Racks
     • 253 Windows Licenses
     • 160 Network Cables
     • 20 SAN Cables
     If these weren’t virtualized:
     • 1012 Blade/Servers
     • 22 Racks
     • 1012 Windows Licenses
     • 1024 Network Cables
     • 128 SAN Cables
     Driving additional consolidation: Current CPU utilization often <20%

  17. Delivering the DoD Cloud from the Core Data Centers
     Hybrid Cloud: Secure, turnkey cloud for DoD application developers and enterprise service providers
     [Diagram labels: Self-Service Portal & App Store; Automated Provisioning & Deployment; Automated Security, Performance & Functionality Testing/Reporting; Orchestration and Monitoring; Virtual Infrastructure, Physical Infrastructure and Facility (each shown four times); Core Data Centers]

  18. Common Enterprise Services Delivered from the Cloud
     • Enterprise Software as a Service (SaaS)
       • e-Mail, Office Productivity, Collaboration
       • Content Mgmt, Customer Relationship Mgmt
     • Platform Services
       • Identity Management, Authentication/Authorization
       • Application Platforms, Messaging, Content Delivery
     • Computing Infrastructure Services
       • On demand, self-service; Broad network access
       • Rapid elasticity; Measured service
     Hosted within globally accessible core data centers that are secure, reliable and robustly interconnected

  19. Agile Development & Continuous Delivery across the DoD Cloud Initial Enterprise Capabilities Agile development Rapid IA C&A DoD Enterprise Cloud Environment Cloud IaaS

  20. Cloud Computing: Enabling a new application delivery approach
     Yesterday’s system development process: Large, expensive, static systems
     Continuous delivery enabled by the cloud:
     • Automated testing
     • Enterprise services
     • Compliant platforms
     • On-demand infrastructure
     [Diagram labels: Continuous delivery; Program managers; Developers; Testers; Decision authorities; Emerging needs]
     Unclassified

  21. Using cloud computing to achieve our cyber security goals
     Applications inherit the security controls from the lower layers, enabling accelerated delivery and improved security
     • Mission Apps
     • Application Services: Identity management and access control services
     • Cloud Platform Services: Standardized, STIG’d Platforms with automated patch and configuration management
     • Cloud Infrastructure Services: Highly resilient infrastructure supporting dynamic scalability, failover, backup/recovery, and continuous monitoring/alerting
     • Core Computing Infrastructure: Strong perimeter protections with a vigorous internal sensor grid to detect attack, malicious code, staged exfiltration

  22. Using Commercially Provided Cloud Services: Significant IA Challenges
     • Issue 1: Cyber Protection: Commercial clouds move computing & storage outside of DoD’s layered cyber defenses and cyber attack detection, diagnosis, and reaction infrastructure.
     • Issue 2: Cyber C2: There is no mechanism to effectuate the Cyber command and control needed to identify and respond to emerging cyber threats.
     • Issue 3: IdAM: Maintaining the DoD’s cyber identity credential, direct authentication, and access control models and services when using the cloud is a major concern.
     • Issue 4: Multi-tenancy: The commercial cloud is shared with non-DoD customers, and the provider must ensure DoD processing and data stay separate, and that other customers’ problems or malicious behavior do not spill over to DoD in a way that causes risk to DoD missions.
     • Issue 5: Data/Application Visibility: Need to ensure that both data and applications are monitored in real or near real time.
     • Issue 6: Data Rights: Need to understand who holds them over the long term.

  23. Commercially Provided Cloud Services: Mitigating the Risks
     • DoD extension of Federal Risk and Authorization Management Program (FedRAMP)
       • Provides a standard approach to assessing cloud computing services and products for the Federal Government
       • Certification driven by NIST Special Pub 800-53 IA Controls
       • Emerging requirements for audit and monitoring
       • Joint Approval Board chaired by DoD(CIO), DHS, and GSA
       • DoD will establish a similar process internally.
     • Using cloud pilots to identify additional mitigations
       • Boundary defenses between sensitive DoD information and non-DoD information
       • Information encryption in transit and at rest
       • Use of DoD Internet Access Points (IAP) and Internet Firewalls
       • Use of certified Computer Network Defense Service Providers (CNDSPs) that monitor the firewall and IDS and respond to USCYBERCOM tasking

  24. Challenge: Delivery to the tactical edge
     [Diagram label: Cloud]
     Optimized information delivery, interoperability, synchronization, failover, continuity

  25. Way Ahead
     • Consolidating DoD infrastructure (networks, applications, servers and data centers)
     • Adapting cloud technologies and approaches to enhance our enterprise service efforts
     • Increasing IT complexity and shrinking budgets are driving a switch from asset ownership to consuming services from others
     • Initial focus on DoD offered services while defining requirements and methods to securely leverage commercially provided services
     • Publishing DoD Cloud Computing Strategy and developing guidance on the use of commercially provided cloud services
       • Fall 2011
     • Collaborating with the DoD Components, Intelligence Community, other Federal Agencies, and industry partners

  26. Thank You National Defense Industrial Association 12 October 2011 Mr. Robert J Carey Deputy Chief Information Officer Department of Defense Robert.Carey@osd.mil

  27. Candidate Efforts: Efficiency, Effectiveness & Cyber Security
     [Table headers: Initiative; Near Term Use Case]

  28. Challenge: Delivery to the tactical edge
     [Diagram labels: Enterprise Core Data Centers; Regional Data Centers; Deployable Nodes; Edge/Tactical Nodes; Edge Network; DISN Core Network; Edge RF Network; 3G]
     Optimized information delivery, interoperability, synchronization, failover, continuity

  29. IaaS: Accelerated Delivery of New Capabilities
     [Timeline labels: Start; Finish]
     • Current Development Process: DEV; QA + IA; Dev Provision; Build; QA Provision; Deploy
     • Continuous Delivery: DEV; QA + IA
     • Self-service provisioning
       • Consume portfolios of standardized, policy compliant services, platforms and applications
     • Environment Promotion
       • Seamlessly migrate and promote environments from Dev through delivery to desired environments.
       • Accelerate delivery to cloud or bare metal
     • Build Automation
       • Eliminate manual build environment config/setup
       • Automate testing during off-hours
