i360Gov.

com | SPECIAL REPORT | APRIL 2010

Federal Cloud Computing Initiatives Gain Traction

Due to its promise as a low-cost computing alternative, publicity surrounding cloud computing remains at a fever pitch, and federal IT executives increasingly realize they must find some way to incorporate this software as a service model into current operations, to help them do more with less -- even as serious security concerns linger. The current administration recommends launching cloud computing pilot tests for applications ranging from communications and remote access, to virtual data centers, analytics/reporting, web portals, collaboration and both records and case management. And while U.S. Chief Information Officer Vivek Kundra intends to shrink the total number of government IT initiatives, cloud computing remains a top priority. In fact, public sector investment in cloud computing will likely more than double in the next five years, according to a recent report by analyst firm INPUT in Reston, Va. As the federal government modernizes IT infrastructures, agencies are exploring cloud computing as a viable alternative to buying and maintaining additional servers and software. Industry observers cite the administrations Open Government Directive and the apps.gov website as a prime example. NASA, meanwhile, launched Nebula, a home-grown cloud computing environment designed to let outside scientists contribute. DISA has the RACE program, which is being used to test cloud services. And the Department of Interiors National Business Center is rolling out a variety of cloud-based offerings for federal agencies, in its role as a shared services provider. (See related article, in this report.) Driving the migration is the ongoing need to increase flexibility, improve efficiency, lower costs and support a variety of workloads, as well as a range of Internet users who increasingly expect high availability, function and speed. Peter Mell, a senior computer scientist and project
SOURCE: INPUT

Cloud Market Forecast 2009-2014

The total federal cloud computing market is expected to grow from $370m in 2009 to $1.2b in 2014 at a compound annual growth rate of 27%.

lead for NIST, maintains that high costs and hefty power consumption of traditional computing environments underscore the need to explore other options. Currently, $800 billion is spent annually on the purchase and maintenance of enterprise software, and 11.8 million servers run at only 15-20% capacity in data centers. Meanwhile, the number of servers doubled between 2001 and 2006, while power consumption per server actually quadrupled during the same period. Technologies such as virtualization, high-speed networking, monitoring and capacity planning play key roles in the maturing cloud computing concept for a wide range of workloads, said Tim LeMaster, Junipers Director of Systems Engineering.

sponsored by:

Cloud Computing is a natural evolution of the IT architecture. It addresses the issues of increasing capacity and performance on the fly while lowering CAPEX and OPEX. For almost any type of data center operation, the principles of Cloud Computing can deliver these values, and network architecture is an essential and fundamental element. Juniper Networks Cloud Data Center Network solutions simplify network and security design by collapsing the multiple tiers present in traditional architectures, allowing the network to become simpler, flatter, and more scalable. In addition, the simplified network design requires fewer devices and interconnections, leading to improved performance, lower capital and operating costs and efficiencies in space, power, cooling, and management.

Although the cloud computing concept is still evolving, it has been defined by NIST officials as a pay-per-use model for enabling convenient, on-demand network access to a shared pool of configurable and reliable computing resources, such as networks, servers, storage, applications and services that can be rapidly provisioned and released with minimal consumer management effort or service provider interaction. The elastic, shared, self-managing and self-healing utilities inherent in cloud computing are so attractive because they support all users, no matter where they are located. Also, these services can minimize inefficient infrastructure, while boosting initiatives such as Green IT, disaster recovery/COOP and Telework. Cloud computing can also help federal agencies create unified, reliable, available infrastructures, comprised of interchangeable industry-standard components. Increasingly, agencies are adding online submission processes for taxes, registration and bill payment services, said Jeffrey Kaplan, managing director THINKstrategies, Inc. a market research firm specializing in software as a service, in Wellesley, Mass., who added agencies could also use cloud-based services to leverage third party resources for situational computing requirements (think tax season).

Insecure interfaces and APIs -- reliance on a weak set of interfaces and APIs exposes organizations to security risks related to confidentiality, integrity, availability and accountability. Shared technology vulnerabilities many cloud providers havent designed disk partitions, CPU caches and other shared elements for strong compartmentalization. Data loss or leakage this can lead to compliance violations and legal ramifications. Account, service or traffic hijacking -- with stolen credentials, attackers can access critical areas of deployed cloud services, which can be used to compromise the confidentiality, integrity and availability of services. Unknown risks While features and functionality may be well advertised, detailed information about the compliance of internal security procedures, configuration hardening, patching, auditing and logging arent always readily available.

Following Clouds Forward

While security concerns will continue for some time to come, some federal IT organizations are finding that cloud computing initiatives may actually increase security if information stored is safely guarded within the confines of a private cloud. And while private clouds dedicate service to one organization, Juniper and IBM have joined in an OEM agreement signed last summer to allow IBM to offer Junipers networking technologies to advance a hybrid concept that could allow enterprises to seamlessly extend internal private clouds to remote servers in a secure public cloud. LeMaster said Juniper is investing in technologies such as: Converged enhanced Ethernet (CEE) an evolution of Ethernet enabling networking protocol convergence and the addition of extensions to the existing protocol suite to provide reliability without incurring performance penalties. Flow awareness -- in which traffic can be treated differently depending on the subscriber to whom it belongs, and the type of service it represents. Class of service awareness in which classes of service require varying levels of preferential traffic treatment, to compress traffic and conserve bandwidth, or ensure security and accountability, by ensuing network resources go to applications according to a preset organizational priority. Data center reliability to support cloud-based services.

Security Overshadows the Cloud

While most observers maintain the eventual migration to cloud computing is inevitable, others remain steadfastly skeptical, citing security and privacy concerns as prominent obstacles to widespread deployment. These executives doubt externally controlled cloud services can be adequately protected and they stress the need for federal agencies to carefully scrutinize industry offerings to ensure adequate security. In March, the nonprofit Cloud Security Alliance published a sponsored report on top cloud computing security threats, based on information from security experts at 30 organizations involved in complex cloud environments. Top threats include: Malicious employees of cloud computing providers this means potential customers must understand what providers are doing to detect and defend against insider threats. Nefarious use -- hackers actively target cloud providers, partially because of relatively weak registration systems, which facilitate anonymity and also because providers possess limited fraud detection capabilities. 2
i360Gov.com | SPECIAL REPORT | APRIL 2010

In addition to security, legacy systems integration and governance over contracting and service level agreements are nagging concerns. And for some providers, the key issue is a lack of customer support. This is likely why observers such as THINKstrategies Kaplan maintain there will be a re-emergence of traditional legacy vendors who will be able to offer the levels of quality, support and functional services that federal agencies truly require. For now, obstacles from security and privacy to reliability, standards, regulatory or legislative hurdles and the general fear of change, are all outweighed by a desire to move away from technological complexity and isolation, toward better sharing of information among applications, data and users. As Deniece Peterson, manager of

industry analysis for INPUT explains, a growing number of organizations are testing cloud-related technologies such as virtualization and service-oriented architecture (SOA) to build on-demand web services that will boost efficiency, while maximizing existing IT investments. Not moving to the cloud ultimately means agencies will pay more than comparable organizations for the same commodity products and services, she said. At the same time, the groundswell from early adopters, combined with momentum created by senior officials promoting the cloud is also helping drive the clouds 27% compound annual growth rate. This literally dwarfs the overall IT industrys 3.5% growth per year, and further proves anything cloudbased is definitely hot, hot, hot, she said.

Best Practices Advice for Cloud Planning and Implementation

The Department of Interiors National Business Center (NBC) suggests federal agencies introduce cloud computing through a series of small pilot projects, tailored to build interest, introduce staff to the fundamentals of the technology and provide compelling evidence to support how cloud services can resolve operational challenges. To make preliminary projects successful, Douglas Bourgeois, the DoIs NBC Director, suggests agencies also turn to cloud software vendors, commercial cloud providers, and low cost COTS solutions to test early cloud-based services. NBC also encourages agencies to take advantage of its shared services, which can provide a secure test bed for experimenting with cloud computing. Guiding principles the NBC wants agencies to keep in mind include: Pilot different application migration and cloud management products. Avoid big bang rollouts. Cloud technology and approaches are still emerging, and its wise to experiment to find what fits best in the organization. Test solutions based on standard software and hardware, decreasing the cost of a failure. Several vendors are building tools to allow enterprises to build private clouds. Avoid implementing a heavily customized solution as a first step. Consider implementing a cloud lab or prototyping environment to allow users direct access to cloud technologies. Find out from cloud computing suppliers how they enable private clouds, and what delivery approaches are most successful. A nascent industry has sprung up around cloud outsourcing. Many specialized vendors offer capabilities such as user-driven provisioning and metered or reserved pricing, which is worth close consideration when implementing an agency cloud. Workload characteristics must also be evaluated carefully, Bourgeois said because some workloads, such as self-contained, memory intensive applications, are optimized for X86 servers, while other transaction-heavy workloads are better suited for mainframe servers in a cloud solution. Software architecture is important too, Bourgeois said, as working with multiple memory-intensive applications in a cloud environment can create a bottleneck when the software architecture isnt efficient in its memory use. Developers must write routines that free memory resources and reduce the amount of memory required. Keep a watchful eye on costs. The shift to running applications as an operational expense rather than a capital expense requires governance, a management of user behaviors and the processes in place. Agencies may otherwise spend more because they provision more resources than they would have required in a traditional computing environment.

Cloud Security Tips

Additional advice from NIST officials can help better secure cloud computing investments. According to NIST
APRIL 2010 | SPECIAL REPORT | i360Gov.com

officials, agencies should remember the following: Work with the cloud computing provider to determine its attention to security. Compare the vendors security precautions to current levels of security to ensure the provider is achieving parity, or better security levels. Assessing risk is key. Require cloud computing partners to provide risk assessments and information on how to mitigate uncovered security issues. If the provider doesnt have a seasoned client-facing CSO, CISO, or equivalent security professional, proceed with caution. This is a sign the vendor doesnt take security seriously.

Understand cloud security should be equal to the most risky client the provider supports. A cloud provider should be able to map policy and procedures to any security mandate or security-driven contractual obligation an agency faces. Pay attention to the providers adherence to secure coding practices. If the vendor doesnt provide a strong story about the discipline used to write code, run away.
(Source: NIST)

Department of Interior, National Business Center Enhances Cloud Computing Services

The Department of Interiors National Business Center (NBC) has taken a measured approach to cloud computing, embedding security controls and demonstrating its ability to maintain federal agency IT operations, while simultaneously expanding the delivery of cloud services to meet a growing array of customer environments. As a designated federal shared services provider, the NBC offers cloud computing services for federal organizations to help them meet the Office of Management and Budgets (OMB) cloud computing requirements for greater efficiencies and savings. NBCs private cloud allows federal agencies to benefit from a pool of networks, servers, storage capabilities and desktop applications in a National Institute of Standards and Technology (NIST)-certified secure environment. The NBC also offers platform as a service (PaaS) for software and middleware capabilities. Using these services, federal agencies and departments can take advantage of end-to-end development and production pipelines in a hosted environment, on an as-needed basis. Earlier in the month, NBC issued Release 2.0 of the NBC Cloud, delivering new capabilities and services, including: The debut of NBC-APPS (Software as a Service) which incorporates collaboration, issue/bug tracking and blogging applications. 4
i360Gov.com | SPECIAL REPORT | APRIL 2010

Douglas Bourgeois, the Department of Interiors Director of the National Business Center (NBC).

An expansion of the NBC-STAGE (Platform as a Service) creating a pre-packaged development platform that includes a software development tool, version-control and testing tools. An expansion of the NBC-GRID (Infrastructure as a

Service) incorporating separate development, test and production environments running on both mainframe and X86 cloud infrastructures. By offering both mainframe and X86 cloud environment services, NBCs customers gain the flexibility to optimize their cloud computing environments for either an NBC mainframe or X86 infrastructure, based on specific workload characteristics and other customerdriven requirements, according to Douglas Bourgeois, DoIs Director of the NBC. Weve found through testing, that its important for agency customers to pay close attention to software architecture, and especially the specific workloads to be migrated to a cloud platform, he explained. This is because X86 cloud services are optimized for memory-intensive applications and self-contained workloads that dont require much integration. Mainframe-based cloud services, meanwhile, are optimized for processing transactions and tend to be more easily integrated with other applications and environments, Bourgeois explained. The NBCs data center service delivery operations gradually evolved to a cloud computing approach over the past few years, following investments in security technologies, service oriented architecture and virtualization. Key drivers behind the NBCs cloud migration included the ability to rapidly provision services, reduce investment costs, the ability to pay-as-you-go and generate a speedier return on investment, along with the ability to allow multi-tenancy, take up less space and reduce energy use in data centers and improve both access to computing resources and the use of enterprise-wide service level agreements (SLAs). With 80% of server resources sitting idle, at a cost of $34,000+ per server, drawn out two-year capital investment cycles and a doubling of power

consumption across all U.S. data centers in the past five years, this type of pay-as-you-go service grew increasingly attractive, he explained.

Whats Next
NBCs cloud computing data center is currently working on a 90 to 100 day upgrade cycle, expanding cloud services to keep pace with the administrations modernization and data consolidation goals. In the three weeks following Release 2.0, Bourgeois reported that 15 separate agencies accessed the NBC portal to test cloud services and conduct pricing analysis. Next on NBCs schedule of upgrades is the addition of a human resources application and desktop virtualization for customers interested in the organizations software as a service option. Those agencies interested in using NBCs platform as a service will see the addition of IDE life cycle tools, along with an additional proxy server and application server. And federal organizations seeking an infrastructure as a service solution will see the rollout of a high security production environment, along with dynamic provisioning, pay by usage and enhanced disaster recovery services. As a preferred Shared Services Center (SSC) and provider of an array of business management support services within the DoI as well as other federal agencies, NBC offers greater detail, along with the ability to test/ price cloud services at www.cloud.NBC.gov. The NBC will also provide a demonstration or meet with interested agencies via this link.

i360Gov is an intelligent network of websites and e-newsletters designed to keep busy government business and technology leaders expertly informed while saving them time. Comprised of six topic-specific news channels each functioning as its own website along with a comprehensive line-up of e-newsletters, the i360Gov network delivers daily news, analysis and perspective regarding governments largest and most important initiatives in an interactive, online environment.

i360Gov.com i360GovHealthcare.com i360GovBusiness.com i360GovDefense.com i360GovEnergy.com i360GovIT.com i360SLGov.com

APRIL 2010 | SPECIAL REPORT | i360Gov.com

i360Gov.com | SPECIAL REPORT | APRIL 2010