Cloud Computing Discussion:

CIO Council Initiative

Casey Coleman – GSA CIO

1
 Cloud Computing Initiative - Objectives

Improve the government's ability to create a transparent, open and

participatory government.

Organize solutions around the constituent groups being served

Continue the migration towards a services-based environment that is

interoperable and standards-based

Enable rapid deployment of technology solutions for the Federal

government without developing stove-pipes

Enable scalability for existing and new capabilities

Increase savings through virtualization and economies of scale

Potentially reduce cost of infrastructure, buildings, power, and

staffing.

2
 A NIST Definition of Cloud Computing

Cloud Computing:

Cloud computing is a pay-per-use model for enabling available,

convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers,
storage, applications, services) that can be rapidly provisioned
and released with minimal management effort or service provider
interaction. This cloud model promotes availability.

Is accessible via Internet protocols

from any computer.
Is always available and scales
automatically to meet demand.
Is pay per use or paid by
advertisements.
Offers Web or programmatic
control interfaces.
Enables full customer self-
service.

3
 Core Objectives of Cloud Computing
 Security

 Scalability

 Availability

 Performance

 Cost-effective

 Acquire resources on demand

 Release resources when no longer needed

 Pay for what you use

 Leverage other’s core competencies

 Turn fixed cost into variable cost

Based on Amazon CTO Werner Vogels - core objectives and principles that cloud computing must meet to be successful:

4
 There are three basic service delivery models that together create
the ‘Cloud’ – we are starting with IaaS
 Categorizes vendors and services
provided according to Cloud
Computing Architecture types:
– Software as a Service (SaaS):
Software deployment model
whereby a provider licenses an
application to customers for use
as a service on demand
– Platform as a service (PaaS):
Delivery of computing platform
& solution stack as a service
– Infrastructure as a Service
(IaaS): Delivery of computer
infrastructure (typically a
platform virtualization
environment) as a service
SaaS:
• Gov-Apps, Internet Services
• Blogging/Surveys/Twitter, Social Networking
• Information/Knowledge Sharing (Wiki)
• Communication (e-mail), Collaboration (e-meeting)
• Productivity Tools (office)
• Enterprise Resource Planning (ERP)
PaaS:
• Application Development, Data, Workflow, etc.
• Security Services (Single Sign-On, Authentication, etc.)
• Database Management
• Directory Services
IaaS:
• Networks, Security, Mainframes, Servers, Storage
• Telecom Carrier Services
• IT Facilities/Hosting Services
5
 Users and Suppliers of the Cloud operate in a services-based
environment, where components are modular and interoperable

CITIZEN ENGAGEMENT SERVICES: GOV’T END USER SERVICES: MANAGEMENT

• Internet Services • Communication (e-mail) SERVICES:
• Blogging/Surveys/Twitter/Web 2.0 • Collaboration (e-meeting) • Security
• Info/Knowledge Sharing (Wiki) • Productivity Tools (word • Identity
• Social Networking processing, spreadsheet, etc.) • Cloud
Management
GOV’T APP SERVICES (SaaS): BUSINESS SERVICES (SaaS):
• Service Level
• GovApps • Line of Business Applications (HR,
• Payment Services Agreements
FM, Grants, Budget, Geo, etc.)
• Travel Services • Supply Chain Management, ERP (SLAs)

PLATFORM SERVICES (PaaS):

• Directory Services, Authentication, Authorization, Single Sign-on
• Database Management, Workflow Automation, Scheduling,
• Application Development, Testing, Quality Assurance

INFRASTRUCTURE SERVICES (IaaS):

• Server/Computing – Hosting Services
• Storage
• Network-Based Services
• Telecom Carrier Services

6
Different clouds will have to exist to accommodate agency needs
and security considerations

 Citizen Cloud – Cloud as defined by user access and perspective (not hosting
location or data owner)
 Public Cloud – Cloud as defined by providers of cloud computing services, i.e. non-
government or commercial
 Federal Civilian Cloud (i.e. non-DoD/Intel) – Cloud services provided within a
established Federal cloud environment with government/commercial providers,
managed by one agency, subscribed to many other agencies. Specific attributes
may include greater compliance with Federal policy and agency specific cloud
services. Additionally, greater interoperability amongst cloud services in the Federal
Cloud. Leverages TIC.
 National Security Cloud – Managed by a DOD / Intel agency, with
government/commercial providers. Traditional national security requirements and
applications are provisioned within this cloud environment. Leverages TIC MTIPS
providers.
 Federal, State, & Local Government Cloud – Cloud services provided to facilitate
enhanced government services, public safety, interoperability, and business
operations amongst all American government Agencies

7
 What will ultimately be delivered to users? Email, messaging apps,
productivity software = Software as a Service (SaaS)
 Use cloud-based
Payment Services (Permits,
applications to enable Taxes, etc.)
improved productivity, cost Productivity Tools (word
reduction, and ubiquity of processing, spreadsheet,
services etc.)

 Example: web-based email

solutions, allowing
functionality such as web
folders
Messaging/Alert Management
(Email, IM, RSS, Web Accessible
Voicemail)
Web 2.0 Content and Social
Media (Blogs, Wikis, Networking

8
 Potential uses of Cloud computing - Citizen Engagement Services & IAAS
 Simplify the customer experience – web application “storefront”
– Agencies identify their infrastructure and web application requirements using a menu-type screen
– Payment is by credit card or requisition
– Delivery of a secure environment supported by the selected applications configured for their slice of the cloud.

 Front-end user interface

based on simple commercial
hosting model
 Provides access to service
agreements negotiated by
GSA for free Social Media
 Limited one-stop shop site for
agencies to: request services,
make selection from several
vendor options, resulting in
auto-provisioned fully
functional service IaaS

9
 Issues Identified by the federal Cloud Computing Working Group
 Security and Privacy:
– Develop appropriate waivers and federal (i.e. non-agency specific) C & A requirements
– Modify regulations such as FISMA to accommodate Cloud Computing requirements, e.g.
databases and virtualized infrastructure

 Technology:
– Interoperability standards, such as format, protocols, and security policies need to be developed
to ensure that services will be truly modular and will work together both within and between
clouds
– Architecture and planning should be robust enough to accommodate existing and future
infrastructure, databases, and data storage requirements

 Business Models and Management:

– Guidance, including the value proposition/business case and best practices/lessons learned
should be centrally developed to help facilitate agency and government-wide initiatives
– Acquisition processes and budgeting should be closely reviewed and optimized to ensure
effective adoption of cloud computing services; within these processes, agencies must work
actively to prevent the dilution of cloud computing terminology

10
 Top Five Issues – ACT/IAC Cloud Computing Summit
 Vendors identified the following issues as most important during the ACT/IAC
Cloud Computing Summit
– Security issues need to be resolved with each individual provider
– Modification to several contracting/purchase vehicles to facilitate the purchase of
cloud services
– Long lead times for Federal opportunities.
– Cost models are aggressive, but may not have an accurate cost model
– Improve notification of federal opportunities so that they are easier to find for vendor
community.

11
How do we get there? – Federal Cloud Implementation Components

Federal Business Processes

Acquisition

Budget Process

Cloud Development
Define Cloud Solutions (Services) Package Service Components Facilitate Procurement

Identify Candidate Applications Develop Applications Manage Applications

Identify Necessary Data

Pursue Virtualized Infrastructure

Governance
Develop Community of Practice Develop Cloud Adoption Guidelines Leverage Practices

Establish MOUs Establish SLAs Manage MOUs and SLAs

Develop Standards Implement Standards Manage Standards

Develop Policy Manage Policies

12