The U.S. Department of Defense plans to spend nearly half a billion dollars on a project that is designed to further the incorporation of commercial cloud capabilities into DoD’s information technology operations. Vendors have been asked to submit bids for the project, known as “Mil-Cloud 2.0.”
The procurement is one element of a comprehensive strategy for expanding cloud operations that DoD revealed earlier this month. The Defense Information Systems Agency is implementing the strategy.
DISA’s plan involves three tiers of capabilities, as well as the provision of secure hosting environments, according to John Hale, chief of DISA’s cloud portfolio office. The mission of the portfolio unit is to provide cost savings by moving as much of DoD’s IT functions as possible to the cloud.
To fulfill that goal, the unit has been assessing cloud practices across the entire department since last fall, and it has discovered a significant number of disparate activities. As a result, the portfolio staff has been investigating policy and security issues to determine how DISA most effectively can facilitate secure and efficient cloud capabilities at the enterprise level.
“Our budget looks like everyone else’s in the department. It continues to shrink, so we have to facilitate cost savings, and reduce overhead for the entire department,” Hale told attendees at the Advanced Technology Academic Research Center Federal cloud Computing Summit last month.
The three-tier approach to addressing the situation focuses on the following:
Traditional Data Centers: No matter what direction computing takes within the department, there are workloads that exist today that always will require hardware to function. Modernizing the current hardware inventory is slowed by budget constraints, but the mission must continue.
“We will continue to operate several traditional data centers,” Hale said.
On-Premises Private Clouds: To facilitate moving IT operations to the cloud, on-premises resources will be utilized. The on-premises private cloud will serve mission partners whose information and data are categorized within data security impact levels five and six, encompassing unclassified national security systems and classified national security information.
“There are certain workloads we’ve identified as needing to be ‘on our concrete’ from a data ownership and data management perspective,” said Hale. “The best example of a use case scenario for on-premises private cloud is nuclear command and control. We’re simply not going to run those capabilities out of an off-premises commercial cloud environment.”
Off-Premises Services: The third tier, which would offer the department the most efficiency and cost savings, is comprised of off-premises commercial cloud services that can support data at security impact levels two through five. With this type of cloud solution, DISA will provide what it calls the “secure cloud computing architecture.”
Many DoD mission partners have been reluctant to embrace commercial cloud offerings because of the perception that security issues would be difficult to manage.
“We will have a management stack that allows mission partners to manage their virtual data centers in the cloud,” said Hale. “Securing credentials and maintaining key management and control is paramount. Therefore, we will also offer a trusted cloud credential manager service, which allows us to control the credentials.”
Cloud Build Up: $498M
The Mil-Cloud 2.0, Phase-One contract will be a key building block for achieving the goal of greatly enhancing on-premises private cloud capabilities. The existing DoD Mil-Cloud program is a cloud-services product portfolio that features an integrated suite of capabilities designed to drive agility into the development, deployment and maintenance of secure applications. The program embraces an Infrastructure as a Service approach that leverages a combination of mature commercial off the shelf and government-developed technology.
The Mil-Cloud 2.0 project will have a potential contract value of US$498 million over a five-year term.
“The purpose of this contract is to obtain cloud infrastructure services in DISA data center facilities. These commercially developed infrastructure services are to be available within DoD networks, implemented as a private cloud service deployment, with the single tenant being the DoD community and DoD partners,” reads the request for proposals.
DoD has been updating the RFP since it was issued last month. DoD recently notified vendors that the deadline for proposal submission was Aug. 31.
The contractor likely will be a major entity with significant cloud capability, since DoD plans to award a single, firm fixed-price contract, versus a multiple-source approach. The RFP allows for partnerships and subcontracting by the prime awardee. Thus, entities at the level of Amazon Web services, Google and Microsoft are likely competitors.
With the work statement pointing to a single vendor award, “Mil-Cloud looks like it will resemble the federal intelligence community’s information technology enterprise cloud deployment, which was also handled by a single vendor,” said Chris Wiedemann, consultant for market intelligence at immixGroup.
“That said, the language also states that the compute being provided ‘shall support the import and export of workload machine images to enable future hybrid or multivendor infrastructure approaches,’ which suggests that DoD is planning for more vendor integration into future versions of Mil-Cloud,” Wiedemann told the E-Commerce Times.
“As to the potential for subcontracting, there is some possibility that the awarded prime could sub out some of the program management and integration support work outlined in one of the task areas, but in general I would expect most of the work to be handled by the prime,” he said.
Evolving and Maturing
Amazon appears to be in the thick of the bidding process.
“We’re pleased to continue to help the U.S. Department of Defense achieve the mission benefits of commercial cloud,” said Jennifer Chronis, general manager for DoD at AWS.
AWS two years ago achieved an important security clearance from DoD for certain cloud capabilities. Earlier this year, it revealed that the company’s AWS Govcloud product had received a similarly significant DISA security authorization for various DoD applications.
The approval “will allow DoD agencies to use the AWS cloud for production workloads with export-controlled data, privacy information, and protected health information as well as other controlled unclassified information,” noted Chris Gile, senior manager, AWS public sector risk and compliance.
“In addition to the cost-savings achieved by moving from on premises to the cloud, we will continue to partner with the DoD tohelp the agency also take advantage of the cloud’s increased security, agility and scalability,” DoD’s Chronis told the E-Commerce Times.
“Over the last several years, we’ve seen many government agencies advance in their journey to the cloud, finding success across these benefits by making the commercial cloud a core component of their strategic business and mission objectives. We look forward to helping the DoD realize these same benefits,” she said.
“As the security architect for DoD when it comes to cloud computing, DISA has to grapple with codifying frameworks around securing information in the cloud, given both the growing momentum of cloud adoption throughout DoD and the decentralized nature of cloud acquisition,” said Lloyd McCoy, DoD market intelligence manager at immixGroup.
“What we’re seeing is a maturing cloud strategy that reflects best practices for approaching cloud adoption while respecting unique DoD security requirements,” he told the E-Commerce Times.
By setting parameters on what can and cannot be stored in the cloud — and whether its on-premises, or off-premises — DISA is providing clear guidance to the rest of the department,” said McCoy, “which actually liberates agencies to pursue cloud hosting for their respective environments. This indicates more evidence that DoD is at the forefront of cloud adoption across the federal government.”