Some say that “cloud computing is virtualization taken to its logical conclusion”, but is that really the case? Ellen Rubin says that it’s actually the cloud that is giving virtualization a chance to get back into the spotlight. It appears that VMware has taken the opportunity to jump headfirst into the cloud hype, and with perfect timing. The numbers don’t lie, VMware reported exponential growth (a 48% increase) with their Q2 revenue numbers from 2010 over 2009 (but that may also be because the economy is better this year).

The outlook for the rest of the year is certainly focused on the cloud with the release of software updates for vSphere specifically for cloud. The ideal end state, according to VMware’s Vice President of Marketing Bogomil Balkansky is is a hybrid cloud that is connected both to internal cloud systems and services as well as securely connected to external cloud services, such as Salesforce, Microsoft Azure, Amazon S3 and Google services. The newly updated vSphere is slated to be a “foundation” for cloud computing.

With more and more companies turning to virtualization and cloud computing technologies to manage their IT infrastructure, there is an increased need for effective and integrated network monitoring. IT network management will need to adapt and scale for more distributed networks, and avoid “virtual stall”. Virtual stall can occur when enterprise IT is not ready for the rapid growth associated with virtualizing data centers and introducing the cloud. Scalability, management, process and coordination issues are all key factors of virtual stall, mostly due to a  lack of automation and reporting in virtualization management tools. Service delivery can suffer without automated monitoring of virtual machines to coordinate and integrate complex systems.

Whether or not you think that virtualization paved the way for the cloud, or that the cloud is just a natural continuum for virtualization, we think that the two technologies make a perfect match. Users are demanding always-on and always-connected resources, which means that it is becoming even more critical for businesses to align their technology goals with their business goals. Efficient real-time monitoring and reporting for virtual environments becomes even more important with the on-demand and self-service nature of the cloud. Some may say that virtualization and cloud computing are disruptive or even confusing technologies, but without them, IT would not be able to move as fast as it is today.

Listen to our CEO, Dave Link as he chats with Federal News Radio’s Dorothy Ramienski on FedCloudBlog about the survey.

Dave says one of the many trends the survey showed is that cloud computing seems like it’s here to stay because of the immense presences of federal CIO Vivek Kundra and federal CTO Aneesh Chopra.

“This year is the first time that we’ve had a federal CIO, a federal CTO over all of government IT. One of the questions we asked is — has this new role impacted your IT operations? Actually 56 percent of the people that responded said it absolutely had impacted, and over 30 percent said they were seeing a major impact. Only about 20 percent said it was business as usual, so I think what that means is that the mandates from the top down actually are active, they’re very visible, the word’s getting down to people and engineers and operators that are working in the trenches. That’s a great, positive movement. It’s a great story going forward — that a new role in the government can actually impact the people who [are] literally . . . Doing the job each and every day.”

He also notes that there is a direct connection between cloud and virtualization, which is helping agencies adopt cloud.

“What we saw early on with virtualization [in] the first year of the survey is that a few people had thought it was a key initiative and/or they had projects in place. This last year the adoption has moved up from major hype to adoption — 80 percent of the respondents this year said they had virtualization initiatives. Frankly, virtualization is at the heart of cloud, because it’s all about shared and pooled resources where you can leverage a resource pool really effectively and have the agility that cloud offers where you can stand up IT resources very quickly. Vitualization is really one of the heart and soul key components of cloud offerings.”

It is slow-going, however. The survey showed that adoption of cloud, however, is still relatively low. But interest is high. Link says, in his opinion, this isn’t a plateau or fad, and likens the government’s response to cloud as the same when it comes to IPv6.

“From the very top, Vivek Kundra’s really a thought leader on the cloud . . . with NASA’s initiatives and FedRamp setting standards on cloud initiatives, they’ve really got a lot of people focused on this. As the largest buyer of IT in the world, where the government goes, vendors are going to go. What I see is, they’re really being smart about the approach. They’re trying to figure out where outsourcing to the cloud makes sense — where is it smart? Where can you get the advantages that the nimbleness and scale of the cloud brings straight to government IT operations.”

But what about the money? Will agencies see future funding for cloud computing initiatives? Link says many agencies were helped in the past by the American Recovery and Reinvestment Act, and now agency heads and IT managers are looking at spending differently.

“Some of the huge projects that are multi-year, large awards may not be going as fast because they tend to take a long time, but I think what you’re seeing from a government IT perspective is more of a surgical approach to [solve problems]. There’s a huge initiative where Vivek Kundra has said, by the end of the year, he wants all agencies to put together and put forth their data center consolidation strategy and plan. Data center consolidation is really about figuring out how to collapse and provide more shared services, which is really going to drive adoption of the cloud and virtualization and these core technologies even faster because they’re a key linchpin to getting there.”

This isn’t just a pie in the sky theory, but comes direct from Federal CIO Vivek Kundra at a NIST conference last week, stating that “for the cloud to truly take hold in the government the feds must develop standards to avoid inefficiencies and security holes.” The consolidation of federal data centers over the next year is the first step in approaching this “game-changing” technology, and Kundra is determined to support even more changes at the benefit of creating more efficient government IT operations.

We already know that the government is ready for the cloud, as we saw in our FOSE survey this year with one in three planning cloud initiatives this year. The government is responding to that with programs like the Federal Risk and Authorization Management Pilot program (FedRAMP), which aims to aggregate cloud computing standards and ease agency certification processes and the Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) initiative that encourages federal agencies to develop standards, collaborate on cloud computing specifications and test standards. NIST is pushing these programs forward and through them “believes that the government community can accelerate cloud adoption by validating key cloud specifications and sharing information to build confidence in cloud computing technology before formalized standards are available.”

All of this hard work goes to show that the cloud is not going away. Government agencies are working together; investing a lot of time, money, research, and resources that are dedicated to charting out the best path for the government cloud that it can find.

We saw in our FOSE survey that the federal government has heard the cloud computing call. Our numbers showed that 58% have seen the light, (that is, the importance of cloud computing), and 32% are planning to implement the cloud this year (a 20% increase from 2009).

The stage has been set for the government to embrace the cloud, especially with the announcement last week of Recovery.gov moving to the Amazon cloud (actually, according to Derrick Harris, it’s not the first federal site housed in the cloud – Data.gov currently resides within Terremark’s Enterprise Cloud infrastructure).

It’s clear that Vivek Kundra is behind the cloud, and it’s just a matter of time for agencies to really be able to utilize all that can be done with the cloud – IT operations will simply be more scalable, agile, and efficient – resulting in cost savings for the federal government. That’s a great return on investment for the cloud.

“By using cloud services, the Federal Government will gain access to powerful technology resources faster and at lower costs. This frees us to focus on mission-critical tasks instead of purchasing, configuring, and maintaining redundant infrastructure.

The Obama Administration is committed to leveraging the power of cloud computing to help close the technology gap and deliver for the American people. I am hopeful that that the Recovery Board’s move to the cloud will serve as a model for making government’s use of technology smarter, better, and faster.”

We already know that there is a huge deficit when it comes to federal data centers, prompting the great data center consolidation of 2011. For reasons ranging from simply becoming more efficient to saving federal IT dollars, all agencies are on board with the initiative and looking to the future. Once that is completed, the government will have to really evaluate what resources they have and what is being utilized, and this is where the cloud can really shine.

According to Information Week, Department of Treasury CIO Michael Duffy said, “We’re going for substantial change in efficiency and utilization of the computing resources we have.” Duffy said that consolidation efforts would have to be multi-faceted, including decommission, centralization and site consolidation, virtualization, and cloud computing. He has begun to champion the cause of cloud computing as well, and is launching a few cloud computing pilots with an eye toward plans like cloud e-mail.

Shared resources make sense for the government at a macro level. Our government relies on checks and balances and cooperation between agencies; whether for intelligence, legislation, or benefits (think Veteran’s affairs, social security, FDA regulations, health records, etc.). The same should be true for the way that government IT is run. IT infrastructure should be allowed and encouraged to be part of shared resources, that can be scaled up or down as needed.

The government is moving to the cloud, whether they like it, are ready, or not. We are definitely seeing a big switch, whether agencies choose to adopt a public cloud, private cloud, or hybrid cloud approach, there will always be questions. Right now, concerns with security are being addressed, as are concerns with standards and program management. But no matter what the critics say, it’s exciting to see disruptive technologies such as virtualization and cloud computing at the forefront of our government IT, and proves that while some see the federal government as moving at molasses-like speed, there are still technologies that allow the government to become cutting edge and drivers of innovation.

We can’t talk about IT this year without mentioning cloud computing. The government is not immune to the hype; and a private, public, or hybrid government cloud may not be a far off fantasy for some agencies, considering that 58% listed cloud computing as important. In fact, cloud computing comes in as one of the top initiatives for agencies this year, with 30% considering either a private (17%) or public cloud (13%) solution. This is right behind data center consolidation (50%), virtualization (52%) and IT modernization (56%).

Data center consolidation will definitely make an impact this year, with 66% of respondents reporting some kind of impact (31% minor and 33% major) on their IT operations due to the federal data center consolidation mandate from Vivek Kundra and the OMB.

We were interested to see that green IT saw a slight bump this year, with 67% listing it as important or very important. This makes sense though, because with the move to virtualization and cloud computing, agencies are already using technologies that will leave a greener footprint for their data centers.

It’s worth noting that adoption takes time. This isn’t necessarily a new idea, but the proof is in the numbers. Take a look at cloud computing. While cloud computing has generally been accepted as important by the federal government, there is a wide disparity in numbers of planned implementations vs. actual tools in place. One in three  have plans to implement cloud computing, but only 7% actually have the tools in place.

Put this against virtualization, which was the IT media darling not even two years ago. Although we see more planned installations of virtualization management tools scheduled this year (38% compared to 23% in 2009), there was only an small increase in actual tools in place (32% vs. 29% in 2009). We are willing to bet that cloud computing will come up fast against virtualization, and the numbers will begin to mirror each other in the next 12-18 months. Both virtualization and cloud computing saw a dramatic increase in planned tools from 2009 to 2010, with a 15% jump for virtualization management and a whopping 20% jump for the cloud.

While many may know what cloud computing and virtualization management can do for their organizations, it appears that 1/3 don’t know what ITIL is, or how it can help their IT operations. We have seen steady numbers from the past two years of folks not knowing the importance of ITIL or of any plans to implement. (In 2010 and 2009, 26% don’t know importance, 33% in 2010 and 32% in 2009 don’t know of plans to implement.)

Budgets are always a touchy subject for many government agencies, and this year we saw a dramatic decrease in the number of “wait and see” responses when asked about the effect the economic crisis has had (or will have) on IT budgets. In 2009, agencies were wary and reported 31% unsure of what was going to happen. This year only 5% seemed to be experiencing that limbo feeling. That’s not to say that things have been easy. 56% reported  projects stalled in 2010. In 2009, 30% reported some cost cutting, but in 2010 13% reported actually spending more. It seems the agencies that have more at stake  (DHS) for example are willing and able to go the extra mile and spend more for their causes.

The government often has to work harder than private corporations to create change in their agencies. But, this year it seems that with a little help from the Office of Management and Budget, many federal IT workers are being forced to learn and adapt to somewhat disruptive technologies (cloud computing), in order to make a change for the better. This isn’t necessarily a bad thing, and hopefully the government can serve as an example of the right way to approach IT management. One survey participant from DISA did note that our survey was “great” and “very thorough and well thought out”. We hope that others can continue to review the trends over the years and see first hand the positive changes the government is making.

Greenpeace feels that at current growth rates, by 2020 cloud computing will more than triple the current consumption of electricity in the United States. David Linthicum of InfoWorld breaks down the flaws of this theory. Last fall, Greenpeace targeted HP for its slowness in reducing toxic chemicals in its PCs.

Linthicum also believes that they hype around cloud computing is beginning to die – which is a sign that it’s becoming mainstream with actual usage rising. He presents his version of the hype cycle – not to be mistaken for Gartner’s hype cycle.

A survey of 40 federal CIOs shows that while they believe in and are taking steps to support the Obama administration’s call for a more open and transparent government, they are unclear about the security issues and cite cybersecurity as the number-one challenge to making these efforts successful.

Oops – the General Services Administration issued a correction that it saved $1.7 million per year in cloud savings by moving USA.gov to the cloud, not $850 million as previously stated during a FOSE session.

The Digital Due Process coalition is pushing Congress on US privacy laws to address privacy regulations in the era of cloud computing. Privacy of electronic data is governed by the Electronic Communications Privacy Act of 1986, light years ago in Internet time.

There is growing consensus for reforming FISMA – the Federal Information Security Management Act of 2002, including federal CIO Vivek Kundra.

“Despite the improvement reported by agencies, the federal government’s communications and information infrastructure is still far from secure. The FISMA measure reported on annually have led agencies to focus on compliance. However, we will never get to security through compliance alone.”

Vivek Kundra

Finally, there is more evidence that the lack of IT skills worries IT professionals as a barrier to the adoption of virtualization. Forrester Consulting interviewed 257 IT professionals and report “the proper skills for the future are difficult to attain and retain.” The depressed economy may have hampered staff training in virtual systems.

The theme of FOSE, solutions to the business of government, could be a commercial for an important part of GSA. FOSE gives a great chance to share ideas and network, and also strengthen the partnerships that strengthen our economy, government, and our citizens.

Martha took this job for a reason – to transform GSA into the big engine that will. GSA’s mission is to support its client agencies so that they can support their core missions.

GSA has to seize change so that their customers can fulfill the missions in today’s world. GSA is the government’s change agent.  But, how do we get there?

First with information technologies. With building technologies, and even with human technologies. Second, partnering with industry and customers. The notion of change is sensible and sensational.

So where is GSA with that?

The first things Martha has learned is that the federal workplace has changed, dramatically. Work is what you do, not where you are.

Nearly 60% of GSA employees were working remotely from home during the blizzards this winter. Martha was actually sworn in by phone, standing in her kitchen.  Work definitely is what you do, not where you are.

Another thing that is changing is how  our carbon and geographic footprints are merging.

The government is now gathering information about carbon usage and greenhouse gases in our buildings and activities.

Not only is the workplace changing, but the work itself. Government i s having to do much m ore with much less. This requires a better head for thrift, and better value propositions.

Information technologies continue to explode. Firstgov.gov launched at the end of the Clinton administration.  Now the Obama administration is committed to harnessing technologies to open and improve efficiency and effectiveness of government and to simplify and expand citizen access and engagement.

GSA has now developed more customer facing solutions. The workplace is changing and the work is changing. So how will GSA be the change agent, and the big engine that will?

GSA has learned to play in the market. Now GSA must decide if they want to win. Governments needs are changing and industry is evolving.

A few scenarios:

• A mandate change – what if Congress pushes through aggressive cooperative purchasing and decides that GSA schedules should be open to state and local businesses? Imagine that.
• A second scenario for growth is as simple as a market change. That’s what’s happening already. Where could that help? Veteran’s administration, healthcare information, and more DoD work.
• The third scenario puts the question just to GSA. GSA could win more business if they stepped up their performance with and for others.

But how?

Business literature says there are three fundamental ways to improve performance, customer intimacy, innovation and operational excellence.

Customer intimacy. A deep understanding and resonance with customers.  The challenge here  is  open government.  Transparency equates to customer intimacy. GSA is the membrane between government and industry, between government and solutions. Technology solutions will help.

Innovation. Customers want cutting edge solutions. Not the ones that were relevant in the 1990’s, or ones that are up to date. That’s not good enough. GSA has a tradition of innovation. But innovation creates risk. This is where  GSA – as a consolidated, centralized  agency – can really shine by helping industry and customers leverage and manage risk. That’s a solid business proposition.

Thanks to the Obama administration,  GSA has the arena to demonstrate innovation. NASA had the moon and  DARPA had the Internet, but GSA has two arenas for innovation – sustainability and open government. Sustainability is a big part of GSA, from historic restoration and preservation to green government. Sustainability is a big initiative going forward, by supporting data center consolidation and greener, more efficient secure IT solutions.

Operational excellence. GSA has to step up to President Obama’s challenge for a better government for the people. This happens through transformation. Processes, performance, and most importantly people. Transformation=talent.

GSA has three things to ask of their customers and industry partners in order to be successful.

• Be more clear about your needs and challenges
• Don’t hesitate to speak honestly about what GSA can do for you
• Ask for ranges of options, ask for solutions, and challenge GSA to  be the big engine that will.

The future of GSA is clear. The future is winning.  GSA will win through innovation, through technology, through shared risk, and through cultural and process transformation.

The panel featured John Curran (President and CEO for ARIN), Martin Levy (Director of IPv6 Strategy, Hurricane Electric), Doug Montgomery (Manager, Internet Technologies  Research  Group, NIST) and moderator Peter Tseronis (Senior Advisor, U.S. Department  of Energy and Chairperson, USG Federal IPv6 Working  Group).

Some quick “soundbytes” from the session. Just the facts Jack.

• There was a meeting with OMB and others last week about the status of IPv6. The IPv6 testing program is coming out this summer. Many agencies may have put IPv6 on the backburner (at least according to Peter).
• Vivek Kundra wants anything developed in the cloud space to  have IPv6 as a backbone, or equal part.
• There are only 4 billion IP addresses available worldwide. That’s kind of mind-boggling. Somewhere between 2010 and 2017, we were expected to run out of IP addresses.
• 340 trillion plus IP addresses are available for IPv6. If the number of IP addresses in IPv4 could be compacted into a golf ball, for comparison, IPv6 could be compacted into…the SUN.
• Why are we doing IPv6? We have allocated 77% of IPv4. Network 10 is permanently reserved so is unallocated. That means there’s only about 8.5% available. We’re going to run out in two years.
• ISPs come every 6-12 months for new addresses for customers.

What will happen?

• IPv4 demand continues
• IPv4 free pool depletes
• IPv4 NAT use increases
• So…. IPv6 deployment.

So what next? The Internet is full, sorry, no more. That won’t work.

Bottom line: no choice but to move to IPv6.

Challenges? IPv6 is not backwards compatible with IPv4. We must maintain IPv4 and IPv6 simultaneously for a few years. We have to run dual stack.

But never fear, IPv6 addresses have been allocated since 1999.

Today, there are organizations attempting to reach your mail, web, and application servers via IPv6. If you’re not IPv6 enabled, there will be some issues.

ISPs have even bigger problems. Your entire infrastructure is going to have to be dual-stack.

Who does this impact? Everyone.

• Enterprise Customers – your mail web and application servers must be reachable via IPv6 AND IPv4.
• Internet Service Providers – begin planning to connect customers via IPv4 and IPv6 now. Communicate with your peers and vendors about IPv6. Consider IPv6 when making purchases.
• Content providers – Connect hosting customers via both IPv4 and IPv6 now.
• Government – keep awareness up. Coordinate with industry. Adopt incentives – regulatory and economic. Support and promote activities. Officially adopt IPv6.

People have an emotional lifecycle for technology adoption. Inspiration, hope, hype, disillusionment, despair and finally understanding.

How does government fit in? All agencies are required to plan for IPv6 adoption.  NIST has to create guidelines for it.

How do we protect early investments? There is a need to verify completeness, correctness and safety of early IPv6 implementations. That is where the NIST capabilities checklist comes in.

The USGv6 Test Program was created to establish a unified testing program with commercial labs that are accredited with tested products.

From a commercial standpoint: IPv6 is easily available, it works and it’s growing.

90+ countries have a “live” IPv6 presence. IPv6 is active at global Internet peering points (global infrastructure).

Check out this progress report. And this one.

A summary of the commercial IPv6 adoption? It’s going up.

ISPs are not going to stop growing. IPv6 is not going away. So make sure your agency, service provider, and corporation are ready.

Peter: The NIST cloud computing definition is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

The definition goes through the cloud framework for private  (SaaS), community (PaaS), public (IaaS) and hybrid clouds.

The biggest problem turned out to be security compliance.

There is currently a federal risk and authorization management program pilot. We’re focusing on using the NIST framework for security, and also looking at the implications of continuous monitoring.

The problem: How do we best perform security authorization and continuous monitoring for large outsourced and multi-agency systems?

Government is increasing its  use of large shared and outsourced systems. Technical drivers are the move to cloud computing, virtualization and web 2.0. We also have data center consolidation as an initiative.

The reality today is a lot of duplicative effort, management efforts and incompatible agency policies. FISMA is not one set of rules, it’s a process.

We have only recently started to have government wide security efforts.

The solution and proposal is FedRAMP (Federal  Risk and Authorization Management Program).

The proposal is to create a unified government-wide program to provide joint authorizations and continuous security monitoring services.  However, authorizations are intended to be leveraged throughout government.  This is to be an optional service provided to agencies that does not supplant existing agency authority. This does not take away agencies’ authority to make their own risk management decisions.

But what about government systems? In the current model, an agency develops a system they like with security requirements they want, assess, authorize and perform the continuous monitoring. Then they want to sell it to other agencies, however there is little oversight or control for the agency consumers.

FedRAMP Goals

• create a unified risk management process,
• create interagency agreed upon security requirements,
• ensure compatible security requirements on shared systems,
• eliminate duplication of effort and associated cost savings,
• enable rapid acquisition by leveraging pre-authorized solutions,
• encourage better system integration with government-wide information security efforts,
• and increased security through focused assessments.

If this model of relationships works, it will change the way security management works in the federal government. FedRAMP currently works with a joint authorization board and security requirement authorities, then feeding approved measures to private sector providers and government information system owners.

Earl: I chair a cloud security working group – the Information Security committee under the  Federal CIO. Last year we studied social media guidelines so agencies could use and adopt social media policies and tools. This year our focus is on cloud computing.

Cloud computing doesn’t mean only public cloud. It is a dynamic allocation of various resources. A tricky part is you begin to lose some visibility and control.

One of the issues is that public clouds are built around an assumed set of basic requirements.

Government is often targeted, and we need to combat those issues.  This makes any IT use, especially cloud computing, a bit different and unique. So, one size really doesn’t fit all. There are different sets of requirements among different agencies.

We’re developing a set of guidelines for policies and procedures to make sure agencies are protected as they embrace cloud computing.

Cloud computing is more than application sharing. It’s actually multiple layers.

It’s hard to tweak public cloud environments to meet all the mission-specific requirements of an agency. Because of that, private cloud is not going away anytime soon.

Community cloud could also be externally hosted with a dedicated system. It might not be a government data center, but it’s also not a public cloud.

Sidenote: Check out the Cloud Security Alliance for some really in-depth information.

What are some issues unique for government, specifically in a cloud environment?

• Architecture framework for government cloud computing – a set of requirements for how government cloud should operate. It will have to stay on U.S. soil.
• Encryption key management needs protection.

There is a fallacy that cloud provides good uptime.  It doesn’t really. Look at Microsoft For anyone that had a t-mobile sidekick, they lost all their information when their data (that had been in the cloud) got moved to Microsoft. Thinking that having everything in the cloud gives you strong continuity of operations, think again.

Security and the government cloud go hand in hand. It’s great to see that there are so many initiatives to make sure that government agencies are able to effectively use the cloud with clear guidelines and policies that work for them.

My only question is, how will FISMA change with the cloud?

Dan: There are some key challenges to cloud adoption. Security, governance, and the acquisition process which are related to visibility. Performance, culture change and controlling expectation are other challenges. We have public clouds and private clouds with multiple delivery modes. How do we make sense of it? How do we secure it? We have all these controls written into FISMA which say things like “make sure you have physical control of your servers and know where they are.” – except that if our services are in  Amazon, how can we ensure we’re following FISMA compliance rules?

Some enablers of the cloud are the National Defense University, DKO, Enterprise User, and Identity, Credential and  Access  Management (ICAM). Some early adopters of the cloud include DISA, Forge.mil, and Race.

A little more on the ASD NII Cloud Initiatives -

Enterprise  Services Governance – designation process for mandated, shared, and functional capability (Community), enterprise services; on-ramp-fielding sustainment.

We picked an initial set of services that are being provided by DISA, a set of collaboration tools, content discovery and content delivery.

There aren’t a lot of great ISPs in Iraq and Afghanistan, so we use a third party to provide access.

How do we build applications today? Either a local network (like Active Directory) – which is usually on a pretty small network. The other way we do it is to individually provision each user for web applications. That won’t work anymore.

Let’s say you have data that is contract sensitive, we know who should have access to that. But, if I want to provide a service or SaaS where that information is accessible to share, that solution is not readily available. So how can you provide attribute based access control? The cloud.

We’re also thinking about how to do things like office automation – share information and work collaboratively, but do it in such a way where we are leveraging the idea of the cloud and know exactly where it is and how much is being utilized.

“Working in the cloud” pathfinder

• Establishing a  test bed in the Cloud (RACE)
• Office  Objects (basic workflow for a large percentage of the NIPRNet customer base)

The DoD Storefront an app store focused on web application (a standard “widget” framework) – borrowing a lot from Apple but also some from Amazon and Google. This helps expose the DoD Marketplace. The first preview will be at the upcoming  DISA Customer Partnership  Conference in May 2010 – so stay tuned for more on that.

There are two fundamental functions we do in the government. The most fundamental ones are communication and collaboration. Cloud computing is a game changer in how we do both. It offers scalability. Social media also needs to blend into the workflow.

Henry: Just as some background, RACE (Rapid Access Computing Environment) offers 24 hour IaaS provisioning -  which increase and decrease scalability as needed. It also has streamlined/automated accreditation to DoD IA standards, and working SaaS with ASD NII/CIO. RACE also works within Federal Cloud Computing Working Groups.

Forge.mil offers online collaborative software development environment that contains tools for: version control bug tracking, integrated testing, cross-program collaboration,and access to open-source and community source-software.

We’re moving from PaaS to SaaS in the government.

The NIST definition of cloud computing is where we believe information technology delivery is going, not just for DoD but for the entire government. And also, this has to work for NGOs.

But for that to work, we need it to be secure.

DISA computer services is a complex provider. We have 14 data centers and run things like the health care system (like HIPPA) and payroll for the military. We also run personnel records, so all our data center operations have to be very secure and also compliant with current laws.

How do we appropriately consolidate? How do we look at the out-of-band network so we’re using appropriate technology?

If you check out DISA’s website, we have 2, 4 and 10 year goals to figure out how we best deliver our service offerings.

Mark: Clouds are only important if it rains. If it rains too long, it’s not good. Nobody really knows what it means for business. But, why is it important?

The  DoD is trying to figure out how to manage and unlock all of the data they have. They are dealing with a $1.6T budget.

We tried to keep it simple. Timely, accurate, and authoritative information. Authority implies accountability.

Clearly we’re breaking down silos. Through changes in data governance and the development of shared services, we’re able to deliver value to decision makers and share proprietary information across the Army, Navy, Air Force, etc.

When we think about cloud, we think of it as alignment. We actually have silos of systems. We use SaaS, PaaS and IaaS.

Next steps? Investing in DoD partnerships like Race and Forge.mil

Question: How does/will the DoD app store compare to apps.gov? Is it the same, or should it be?

Apps.gov negotiates with different TOS for different social networks, to meet government requirements. Then it’s up to the individual agency to sign on to use a social network.

Apps.gov is – how do I go out and buy SaaS? Not a focus on the end user. Facebook and Twitter is more execution for the agency as a whole.

What DoD Storefront will focus on how do I provide capabilities to end users that can immediately be used? This is about government providing applications to government users. We are also partnering with apps for Army.

There is a balance between apps.gov where you are a systems provider with a solution vs. storefront.

Question: Has anyone isolated what  pieces of FISMA get in the way of using cloud securely?

We can get some cloud offerings through FISMA. It’s less about the core of FISMA but more the controls within them.

Disclaimer: DoD doesn’t deal with FISMA too much.

But, for the path for production, we look at our controls and streamline them for our workflow process to identify each piece. We looked at three different principles, such as inheritance and duplication process.

Overall it looks like  DISA has some great things in the works for the cloud. I’m looking forward to seeing what they do next!