Systems Engineering at MITRE SERIES

A Decision Process for Applying Cloud Computing in Federal Environments

Geoffrey Raines Lawrence Pizette March 2010; Revised August 2010 Executive Summary an initial cloud service concept through to imple- mentation, that clarifies and defines the key deci- Commercial industry’s use of cloud computing, sion information required and contemporary cloud leveraging economies of scale, commoditizing pro- options. This paper defines an engineering decision cessing power and storage, and incrementally leas- process for applying cloud computing services in a ing only the information technology (IT) infrastruc- Federal Government context and explores impor- ture that is needed at a given moment, is presenting tant activities such as: a compelling business model to Federal leadership, worthy of further investigation. In considering the • Scoping a cloud capability effort application of cloud computing approaches to sup- • Determining which cloud services will benefit an port Federal IT enterprise portfolios, it is useful to organization have a structured engineering process, flowing from • Establishing a business case for cloud services

Commercially-Managed Public Cloud Services (4.1) (4.2) Acquisition Activation • Create purchase orders, • Activate leased assets lease agreements • Load content • Perform competition or • Establish operations sole source • Establish performance • Negotiate Service Level monitoring Agreements Solution Scoping and De nition • Begin billing/payment • Negotiate performance process measurement methods (2.1) (2.2) (2.3) Cloud Service Service De nition Business Case Requirements • Scope the types of • Define the business • Identify cloud service services to be obtained rationale for creating or detailed requirements Government-Managed Cloud Services from the cloud moving to cloud services for the types defined in (3.0) (E.g. Government Line of Business (LOB)) Start • E.g. Storage, Bare • Define cost expectations 2.2 Decision Operations Operating System for cloud services • E.g. Security, Records Point (5.1) (5.2) Platforms, Development • Define expected pros Retention, Continuity De ne Agreements Activation Environments, and cons of cloud of Operations, Computational implementation Expected Performance, • Define Service Level • Activate leased assets Resources, Web Support Levels, Scale Agreements (SLA) or • Load content Platforms, Office • Prototyping and pilots Memorandum of • Establish operations Applications, Back Office Understanding (MOU) • Establish performance Applications • Define cost recovery monitoring model • Begin payment process Supporting Information

Enterprise Program Security New Internally-Built Private Cloud Services Architecture CONOPs Policies (6.1) (6.2) Service Service Engineering Implementation • Full engineering lifecycle • SW license and HW • Design (s) acquisition as required • E.g., Assess locations, • Implement and test power consumption, cloud services workforce, • CRM: Support cloud transportation consumer programs and • Design cloud PMs in cloud service use infrastructure, security

No Cloud Use

Executive Summary—A Decision Process for Applying Cloud Computing in Federal Environments i • Defining detailed requirements for cloud services such as facilities, hardware, and software licenses, • Determining when to use internal private clouds and expected support staff requirements; along with or external public clouds key service cost drivers such as site redundancy, • Assessing when to use community cloud offer- expected service performance and throughput, and ings provided by other Government entities security requirements. • Understanding when it is appropriate to design Service Requirements: At this point service require- and build an internal private cloud. ments are created which will ultimately define the A Cloud Decision Process—The paper is organized viability of possible commercial and Government- around the inset figure, which depicts an engineer- run service provider solutions. The detailed service ing process for the application of cloud computing requirements will include topics such as required capabilities in a Federal environment. security features, required performance, and other service characteristics that will act as differentia- Service Definition: The process begins with activi- tors in selecting a solution later in the process. For ties to scope and define the cloud computing effort. example, requirements will drive the structure of Among the many types of possible cloud services in acquisition documents such as the Statement of the current marketplace, some subset of services is Work (SOW) or Statement of Objectives (SOO) if identified and targeted for use in a Federal organiza- the solution is being leased, or design documents tion’s portfolio because of an expected benefit. Since if the solution is built internally. There are several “cloud computing” is such a broad term, involving categories of requirements that can be specified for a so many possible service types and deployment cloud service, such as cloud service function, service types, defining exactly which cloud services an orga- interfaces and standards to be employed, service nization intends to provide or consume is a funda- response times, service failure mechanisms, and mental initiating activity. The term cloud computing support strategies. can be used to refer to a wide range of services that includes data storage, platforms, and applications. Solution Decision: Next, given a defined project As an example, platforms can range from bare scope and service requirements, a solution deci- operating systems to complete collaboration, devel- sion is made for a given cloud capability based opment and testing environments, to Web servers, on the prior definitional and requirements work. application servers, and databases. It is important Government organizations, looking to realize the to elaborate the organization’s service definitions in same cloud computing advantages that they see unambiguous terms. For example, an organization today in the commercial marketplace, have several might decide that, “We will establish a means to options for obtaining the benefits of cloud comput- lease computer storage by the Gigabyte (GB) using ing, as depicted on the figure’s right side. First, the a monthly payment such as a purchase card.” This commercial marketplace continues to grow with a bounds the project and service in practical terms, wide range of network-based cloud services avail- and this definition can then be used to derive design able for procurement and lease through traditional requirements later in the process. Federal Acquisition Regulation (FAR) processes, when the commercial service can meet the underly- Business Case: Next, a business case is developed ing requirements of the Government. Second, there that elaborates and clarifies the expected motiva- are several Government run solutions that are being tion for using cloud capabilities. For example, for put in place, tailored specifically for Government many organizations the business case may focus on customers. Third, there is always the option to apply cost savings, though there could also be compel- commercial tools to build internal private cloud ling motivations in resource agility, new service capabilities completely within Government data capabilities, labor savings, and/or leveraging exter- center facilities. Within each solution option, com- nal capital investment. Depending on whether the mon items such as Service Level Agreements (SLAs), Federal organization expects to be a cloud service contracts, billing, and performance monitoring provider, or a service consumer, a number of spe- must be resolved. Finally, the capability moves into cific elements are recommended for the business its operational phase. Of course, the option to not case analysis. For example, a Federal community use any cloud technologies due to an adverse busi- or private cloud service provider should consider ness case remains. revenue or cost recovery opportunities, capital costs

ii Cloud Computing In summary, this document outlines a structured for an organization. The engineering process that process for scoping a cloud effort, refining potential follows, and the decisions made there, all rest on a cloud requirements, developing a business case for a robust understanding of the needs of the organiza- cloud effort, and making a selection among a range tion. Cloud computing, when combined with this of contemporary commercial and Government structured engineering processes, can provide more cloud providers. Fundamentally, this process is efficient and agile IT resources for an organization, focused on understanding and documenting a allowing the commoditization of aspects of IT such clear set of service requirements and objectives as as storage and computation, to focus on higher order an essential early step in selecting a cloud service mission challenges. provider and in deciding to create cloud services

Executive Summary—A Decision Process for Applying Cloud Computing in Federal Environments iii

Table of Contents 1.0 Introduction to A Decision Process for Applying Cloud Computing in Federal Environments 1

2.0 Cloud Computing—Solution Scoping and Definition 3

2.1 Clarifying Cloud Services 3

2.2 Developing a Business Case for Cloud Computing 4

2.3 Cloud Service Requirements 7

3.0 Choosing Cloud Providers 8

4.0 Commercially Managed Public Cloud Services 10

4.1 Acquisition of Cloud Services 10

4.2 Activating Cloud Services 12

5.0 Government Managed Cloud Services 14

5.1 Defining Cloud Computing Service Agreements 14

5.2 Activating Government Services 19

6.0 Creating Internal Enterprise Private Cloud Services 19

6.1 Enterprise Cloud Infrastructure Engineering 19

6.2 Cloud Service Implementation 20

7.0 Conclusion 22

Acronyms 23

References 24

THE BIG PICTURE: In considering the application of cloud computing approaches to support Federal IT enterprise portfolios, it is useful to have a structured engineering process, flowing from an initial cloud service concept through to implementation, that clarifies and defines the key decision information required and contemporary cloud options.

Geoffrey Raines A Decision Process for Applying Lawrence Pizette Cloud Computing in Federal Environments

1.0 Introduction “We are moving forward in the direction of cloud The commercial use of cloud computing, leverag- computing in the Federal Government, and part of that is ing economies of scale, commoditizing processing to ensure we have to make sure we are leveraging those power and storage, and incrementally leasing only investments across the Federal Government.” the information technology (IT) infrastructure 2 that is needed at a given moment, is presenting a – Federal CIO, Vivek Kundra compelling business model to Federal leadership, worthy of further investigation. The term “cloud computing” is used to describe a broad Industry IT challenges, recognizing that cloud computing movement towards the use of wide area networks, techniques will be key to producing the underlying such as the , to enable interaction between scalability and agility in infrastructure required by IT service providers of many types, and consum- many Government programs. This ongoing work ers.1 Commercial service providers are expanding will also support organizations with the acquisi- their available cloud offerings to include the entire tion of commercial cloud capabilities. traditional IT stack from storage, hardware and While cloud computing concepts offer many poten- platforms, to application components, software tial benefits in the Federal environment, a number services, and whole applications. More recently, of issues remain in its application: Government service providers are offering analo- gous services within Federal networks. • Commercial offerings may not fully meet Federal needs in areas such as satisfaction of security The White House’s FY10 Federal Budget states requirements, Federal record retention rules, and that, “Cloud-computing will help to optimize the continuity of operations (COOP) requirements Federal data facility environment and create a plat- • Federal contracting policies and methods may form to provide services to a broader audience of currently not have the same agility to dynami- customers… The Federal Government will trans- cally engage cloud services as do wholly com- form its Information Technology Infrastructure mercial organizations by virtualizing data centers, consolidating data • Running cloud capabilities internally, on a centers and operations, and ultimately adopting a smaller scale, may not offer the same benefits as 3 cloud-computing business model.” The recently the commercial outsourcing model formed Federal Cloud Computing Advisory Council, supported by the CIO Council under the Like many large commercial firms, Government auspices of the Federal CIO, has initiated efforts to organizations will have to decide where cloud apply cloud computing techniques to large Federal computing will fit in their broader IT portfolios, and

A Decision Process for Applying Cloud Computing in Federal Environments 1 where the true benefits will be realized. For example, • Defining detailed requirements for cloud services there may be areas where the Government’s benefits • Determining when to use internal private clouds do not mirror a commercial firm’s benefits, given or external public clouds conformance with policy, statutory obligations, or • Assessing when to use cloud offerings provided security practices. It is likely that cloud computing, by other Government entities due to inherent cost advantages when implemented • Designing and building an internal private cloud on a large scale, will continue to impact the com- A Cloud Decision Process—Figure 1.0-1 depicts mercial marketplace regarding how commercial a high-level process for the application of cloud IT infrastructure is acquired, maintained, and computing capabilities in a Federal environment. dynamically scaled. Careful consideration must be The process begins with tasks to scope and define given to cloud computing’s application in a Federal the cloud computing effort. Among the many types Government environment. of possible cloud services in the current market- Document Purpose—This paper defines a decision place, some subset of services is identified and process for applying cloud computing services in a targeted for use in a Federal organization’s port- Federal Government context. As part of this engineer- folio because of some expected benefit. A business ing process, the paper will explore activities such as: case is developed which elaborates and clarifies the expected motivation for using cloud capabilities. For • Scoping a cloud capability effort example, for many organizations the business case • Determining which cloud services will benefit an may focus on cost savings, though there could also organization be compelling motivations in resource agility, new • Establishing a business case for cloud services

Commercially-Managed Public Cloud Services (4.1) (4.2) Acquisition Activation • Create purchase orders, • Activate leased assets lease agreements • Load content • Perform competition or • Establish operations sole source • Establish performance • Negotiate Service Level monitoring Agreements Solution Scoping and De nition • Begin billing/payment • Negotiate performance process measurement methods (2.1) (2.2) (2.3) Cloud Service Service De nition Business Case Requirements • Scope the types of • Define the business • Identify cloud service services to be obtained rationale for creating or detailed requirements Government-Managed Cloud Services from the cloud moving to cloud services for the types defined in (3.0) (E.g. Government Line of Business (LOB)) Start • E.g. Storage, Bare • Define cost expectations 2.2 Decision Operations Operating System for cloud services • E.g. Security, Records Point (5.1) (5.2) Platforms, Development • Define expected pros Retention, Continuity De ne Agreements Activation Environments, and cons of cloud of Operations, Computational implementation Expected Performance, • Define Service Level • Activate leased assets Resources, Web Support Levels, Scale Agreements (SLA) or • Load content Platforms, Office • Prototyping and pilots Memorandum of • Establish operations Applications, Back Office Understanding (MOU) • Establish performance Applications • Define cost recovery monitoring model • Begin payment process Supporting Information

Enterprise Program Security New Internally-Built Private Cloud Services Architecture CONOPs Policies (6.1) (6.2) Service Service Engineering Implementation • Full engineering lifecycle • SW license and HW • Design Data Center(s) acquisition as required • E.g., Assess locations, • Implement and test power consumption, cloud services workforce, • CRM: Support cloud transportation consumer programs and • Design cloud PMs in cloud service use infrastructure, security

No Cloud Use

Figure 1.0-1. Leveraging Cloud Computing in a Federal Environment—A General Process for the Application of Cloud Computing

2 Cloud Computing service capabilities, labor savings, and/or leveraging • Which cloud computing services do you hope to external capital investment. Finally, detailed service use? [Section 2.1] requirements are created which will ultimately • What is your organizational motivation to move define the viability of possible commercial and to cloud computing? [Section 2.2] Government-run service providers. The detailed • For those targeted cloud services, what special service requirements will include topics such as requirements do you need to impose on the solu- required security features, required performance, tion? [Section 2.3] and other service characteristics that will act as dif- ferentiators in selecting a solution. 2.1 Clarifying Cloud Services Given a defined project scope and detailed service requirements, a solution decision is made for a given cloud capability based on the prior definitional and requirements work. The solution for a given service, “The initial requirements definition and tradeoff phase is such as cloud-based email, is determined to be satis- fied by either commercial offerings, Government rarely performed with sufficient rigor… the importance offerings, or internally run private cloud services. of spending sufficient time and resources in this initial Within each solution option common items such phase cannot be overemphasized.” as service-level agreements (SLAs), contracts, bill- – Al Grasso, MITRE ing, and performance monitoring must be resolved. Finally the capability moves into its operational phase. Document Organization—The remainder of this document is organized around Figure 1.0-1. Each Defining exactly which cloud services an organiza- major element in the figure is labeled with a number tion intends to provide or consume is a fundamental that corresponds to a major section in this docu- initiating activity. The term cloud computing can ment. Sections 2.0 and 3.0 describe the steps to scop- be used to refer to a wide range of services that ing and defining a cloud effort, while Sections 4.0 includes file storage, platforms, and applications. As through 6.0 define alternative cloud solutions, each an example, platforms can range from bare operat- with their own characteristics, benefits, and risks. ing systems to complete collaboration, development and testing environments, to Web server application servers, and databases. It is important to elaborate 2.0 Cloud Computing—Solution Scoping and the organization’s service definitions in unambigu- ous terms. For example, an organization might Definition decide that, “We will establish a means to lease com- This section describes several key activities support- puter storage by the GB using a monthly payment ing the successful application of cloud computing such as a purchase card.” This bounds the project in approaches. Fundamentally, we want to answer practical terms, and this definition can then be used three questions: to derive design requirements later in the process.

Accelerators: Where appropriate in the process, we will Accelerators: Taking the time to clearly define and describe process accelerators that can reduce the time articulate a narrow (as possible) project scope will needed to complete a process step in green inset boxes in accelerate the requirements definition and acquisition each section. phases of the project.

A Decision Process for Applying Cloud Computing in Federal Environments 3 Developer teams frequently work together through Cloud Application their browsers to leverage the virtual cloud platform. Software Virtual servers run in the cloud can include Web servers, applications servers, and database engines. Cloud Platform For some offerings, Application Programming Interfaces (APIs) are provided to predefined net- work-based functions. Cloud Infrastructure Cloud Applications: Infrastructure as a service (SaaS)—SaaS relies on the cloud for access to what would traditionally have been local desktop soft- Figure 2.1-1. The NIST Cloud Computing Stack ware.7 Advantages of this approach are that the application can be continuously updated by the The commercial cloud marketplace offers a wide application provider without issuing and shipping range of cloud services that vary in complexity and new installation disks. Each time the user logs in value. Many analysts describing the cloud market- to the site, the user will get the latest version of the place have noticed that it is useful to discuss a ‘stack’ application. The application provider is also offering of services, grouping common services into general a very scalable Web application using a multi-tiered categories. The National Institute of Standards and Web architecture, implemented on a considerable Technology (NIST) has developed one such notional infrastructure. Disadvantages include the complete stack for describing cloud computing, with foun- dependence on the underlying network to access the dational offerings towards the bottom and more application. When the network is down, the user complex offerings towards the top.5 As shown in cannot do any work with the network-based applica- Figure 2.1-1, the NIST model groups all the services tion. In contrast, the desktop version of the software into three general categories. does not require network connectivity for produc- tive work. Cloud Infrastructure: Infrastructure as a Service (IaaS)—At the bottom of the cloud stack, Cloud In summary, the marketplace offers a wide and ever Infrastructure provides the distributed multi-site growing variety of cloud services. Any particular physical components to support cloud computing, Government program is most likely looking to such as storage and processing resources. This layer obtain benefit from some subset of these offerings. allows the infrastructure provider to abstract away Clarifying the scope and definition of the expected details such as which exact hardware an applica- cloud services is an input prerequisite of the busi- tion is using and which data center the application ness case discussed in the next section. is running in. Advances in server virtualization technologies have made this layer of the stack much more efficient over the past several years, allowing a 2.2 Developing a Business Case for Cloud higher utilization of processing resources than pre- Computing viously practical. Virtual Machine (VM) concepts have also enabled a useful separation of underlying After defining target cloud services, a key activity hardware implementation details from the view in scoping and defining a cloud project is think- of developers and the ability to more rapidly scale ing through the business case for the use of cloud server resources in response to changing demand. services. The analysis should focus on the organi- zation’s business needs and objectives, clarifying Cloud Platform: Platform as a Service (PaaS)— Platform offerings provide an infrastructure for developing and operating web-based software Accelerators: applications. Examples include facilities for appli- • Seek out example business cases from other service- cation design, application development, testing, oriented IT efforts of similar scope or purpose to speed deployment and hosting as well as application ser- the development of the cloud business case. vices such as team collaboration, security, applica- • Develop standardized reusable business case decision tion versioning, and application instrumentation.6 criteria for moving capabilities to a cloud provider.

4 Cloud Computing the expected benefits of the effort, and ensuring be examined to ensure the cloud effort will be that a cloud offering is an appropriate alterna- adequately funded to meet its needs. tive. Depending on the expected type of project, as • Support staff: The ability to administer many described in Section 2.1, the business case may be environments in a multi-tenant9 system with considered from the point of view as a cloud service a minimum number of support staff can be consumer or a provider. important to the provider for achieving econo- mies of scale. Many cloud provider technologies Items to consider as a Cloud Service Provider— reduce cost by effectively expanding the number In order to develop a robust business case, a cloud of systems an administrator can support, using provider must be able to identify its target market, technologies such as virtualization. The admin- anticipated customers, and their needs. Anticipated istrator cost per machine (or virtual machine) is customers, such as other Federal agencies and then lowered. Department of Defense (DoD) programs, should be characterized with accurate requirements to Service provider requirements considerations can ensure that the cloud offering can provide services include: with a compelling advantage for its customers. A • Location independence, redundancy, and Federal cloud provider needs to ensure that they can COOP: The cloud provider should understand deliver this advantage, while meeting their funding if their users will be leveraging their capabilities needs and other customer and Government-specific for location independence and COOP and, if requirements. Example categories to examine so, ensure that they can provide this multi-site are revenue or cost recovery opportunities, costs capability. Costs for providing this capability including hardware/software licensing costs and should be understood, as multiple data centers power consumption, administrative labor, location can affect economies of scale and add complexity independence/Continuity of Operations (COOP), to failover scenarios. performance/throughput, security, and expected • Performance/throughput: A cloud provider performance characteristics such as availability. needs to understand their customers’ needs for Financial considerations for a service provider can performance and throughput. These needs can include: not only affect the quantity and types of hard- ware and software purchased, but also signifi- • Revenue or cost recovery opportunities: A cantly affect the type of networking capabilities provider should identify the size of their target that need to be provided. market and their abilities to recover costs as well • Security: Security impacts can be significant for as the timing of the cost recovery. It may take a provider and a customer. Some customers may time to build the cloud offering and establish demand offerings at high classification levels on incoming revenue flows, funding, or some form dedicated hardware and networks, which can of cost recovery. significantly impact the business case. Other • Capital costs: A provider should examine key users may have more flexibility in their security capital investments (such as buildings, large requirements which can allow for a more effec- hardware purchases) and expenses (such as hard- tive multi-tenant architecture with the associated ware and software licenses). For a provider, the economies of scale. costs of hardware and software licenses can have • “Up time”: For a cloud provider, customers’ an important impact on their ability to economi- needs for availability and stringent service-level cally provide services that meet their customers’ agreements (SLAs) can significantly impact the needs. Kent Langley explains, “Dollar for dollar choices of hardware, software, and support. This the mindful allocation of technical capital can can have a large impact on provider costs. have a dramatic and disruptive effect on the effectiveness of any business and its overall oper- In determining the business case for being a cloud ating capacity.” 8 Examples include server pur- provider, an organization will have to rely upon a chases and licensing costs for operating systems forecast for their anticipated usage with a particular and virtualization software. Additionally, the offering at a given price. For this offering, the busi- fiscal year timing of these expenditures should ness case should include an estimate of the elastic- ity of demand. In other words, for a given price,

A Decision Process for Applying Cloud Computing in Federal Environments 5 one should project the amount of demand for the Service consumer requirements considerations can service. This will help clarify their usage risk. Costs, include: such as power, may not be fully known. In order to • IT agility: The Department of Interior’s National establish a useful business case, multiple scenarios Business Center (NBC) writes, “Agency CIOs and should be analyzed to understand the implications decision makers need to recognize that a large on cost effectiveness. part of the appeal of the Cloud is that it brings Items to consider as a Cloud Consumer—For a technology closer to business users. With Cloud cloud consumer, the business case is less complex technologies, business users have rapid access to and needs to be developed based upon organiza- servers, storage, and computing platforms that tional goals. The goals may include cost reduction, were once the exclusive domain of IT.” 12 Cloud reduced capital expenditure, ability to scale, loca- computing approaches put IT agility in the hands tion independence or COOP. Meeting mission of end users and this can be a qualitative benefit assurance/security and performance considerations in a business case. should also be considered in detail. Once these ele- • Location independence/COOP: A significant ments are understood, the following attributes can advantage of a cloud offering can be the ability be examined: to access the cloud from anywhere. This cost of Financial considerations for a service consumer obtaining this capability from the cloud should business case can include: be compared against the cost of implement- ing location independence and COOP from • Costs: A user of a cloud service can reduce other alternatives (such as a program specific their costs if they can effectively leverage the investment.) economies of scale that are available to a large cloud provider. Troy Benohanian writes, “The • Performance/throughput: A consumer of cloud cloud model disrupts the traditional IT infra- services needs to be very aware of the limits of structure by introducing a virtually infinite performance and throughput from a cloud offer- pool of computing resources that are available ing. SLAs and network capabilities need to be on-demand and payable by the hour. Businesses understood in order for the business case to be need to figure out which one of their applications viable. currently running inside the firewall can take • Security/mission assurance: In order for a cus- advantage of this type of virtual IT infrastruc- tomer to leverage a cloud offering, the consumer ture.” 10 Additionally, the nature of some costs organization needs to understand the security will change from being capital investment in and mission assurance characteristics of the hardware and infrastructure (CapEx) to a pay-as- cloud and how that cloud offering would affect you go (OpEx) model with the cloud. The White their business (i.e., what they would do if they House notes in the FY10 budget request, “Of the lost access to a remote cloud). For example, if a investments that will involve up-front costs to be Federal cloud provider has already been through recouped in outyear savings, cloud-computing is a level of certification and accreditation (C&A) a prime case in point. The Federal Government that can facilitate the adoption of the cloud by will transform its Information Technology the consumer, it can lower the program risk of a Infrastructure by virtualizing data centers, transition to cloud resources. consolidating data centers and operations, and ultimately adopting a cloud-computing business • “Up time”: For a cloud consumer, stringent SLAs model.” 11 that specify characteristics such as “uptime” reli- ability metrics should be considered essential to • Support staff: Cloud computing is essentially the business case. an outsourcing model. The consumer should anticipate reduced infrastructure resources sup- Assessing Risks—When a Federal organization port staff. adopts a cloud approach, they will necessarily have to rely upon another organization to provide capa- bilities to them. They are trusting another organiza- tion to provide capabilities when they most need it.

6 Cloud Computing The consumer may also be opening up a new net- response times, service failure mechanisms, and work attack vector and exposing themselves to other support strategies. It is important to note that these risks. The anticipated benefits may be cost reduction requirements can directly drive cost for the provider through lower capital expenditures and the ability and therefore they must be defined with sufficient scale processing as needed. The consumer may get attention as they generally can not be changed uni- inherent COOP and location independence, which laterally once a binding contract is in place without can be high-value capabilities for them. unpleasant consequences. Unlike a custom multi- year system’s development effort, leasing a cloud ser- In essence, the consumer business case needs to vice for many commercial and Government service effectively weigh the benefits of cost reduction, scal- providers is a ‘point of sale’ decision, where the user ability, location, independence, and other benefits, fills in payment and account information in a web against the additional exposures or risks added. The browser and selects a predefined service offering exposures may include relying upon another organi- for a specified time period. In this context there is zation, network dependence and performance. In a advantage to the Government in taking the time to positive business case, the benefits of cost reduction get the requirements as correct as possible up front, would be coupled with an acceptable mission assur- and using that information to select services that ance posture that would make cloud computing a match the Government’s requirements profile. viable and appropriate choice. Examples of general cloud service requirements include: 2.3 Cloud Service Requirements • Security requirements: Federal Government IT Once the expected cloud services are defined and programs have a wide range of possible security the motivation for using cloud services is clarified in requirements. For some agencies, unique Federal the business case, service requirements are devel- security requirements can make it difficult for oped. Of particular interest are requirements which vendors to successfully offer the Government are unique to the Federal Government or to the their commercial services. Commercial provid- organization being supported. As Al Grasso writes, ers may apply security measures that they feel “The initial [program] requirements definition and are sufficient in the marketplace, though they do tradeoff phase is rarely performed with sufficient not completely fulfill Federal needs or policies. rigor… The importance of spending sufficient time Federal requirements can range from compliance and resources in this initial phase cannot be over- with Federal Information Security Management emphasized.” 13 Capturing these varied aspects of Act (FISMA), compliance with FIPS or agency a service’s expected operational characteristics is specific policies, to special Certification and not trivial and is necessary for robust procurement Accreditation (C&A) requirements, or periodic actions or structured solution development. vulnerability scans. Since security requirements can drive the selection of a cloud solution with Accelerators: Set up quick turn-around engineering pass/fail criteria, it is key that a cloud capability tasks on existing task order contracting vehicles to program consider all security requirements in identify cloud service requirements. Have these tasks be depth before proceeding to a decision on general independent of the main acquisition of the cloud service. cloud approach. • Records management requirements, and As with most engineering processes, a key driver records retention: Federal agency records man- to a successful solution is a comprehensive set of agement programs must comply with regula- well-articulated requirements. Requirements will tions promulgated by both National Archives drive the structure of acquisition documents such and Records Administration (NARA) and the as the Statement of Work (SOW) or Statement of General Services Administration (GSA) (36 CFR Objectives (SOO) if the solution is being leased, or 1220.2)14 Storing information in the cloud will design documents if the solution is built internally. require some technical mechanism to achieve There are many types of requirements that can be compliance with records management (RM) specified, such as cloud service function, service laws and policies. Agencies have several legal interfaces and standards to be employed, service responsibilities regarding Government records

A Decision Process for Applying Cloud Computing in Federal Environments 7 including “Establishing and maintaining an consider the network as a Government-provided active, continuing program for the economi- capability. In this case, the service provider will cal and efficient management of the records” rightly require that service performance char- (44 U.S.C. 3102) and “establishing safeguards acteristics, such as response time, be measured against the removal or loss of records and mak- at the service provider’s entry point(s) on the ing requirements and penalties known to agency Government’s network. officials and employees” (44 U.S.C. 3105). The • Support levels: Requirements concerning the cloud solution has to support analogous record speed and depth of administrative support must safeguards and retrieval functions, even in the be clarified. Administrative support require- context of a provider termination. ments can cover a number of topics such as the • Continuity of Operations (COOP): Depending daily hours of prime support, problem escalation on the organizational missions supported by times, resolution of recurring problems, and the cloud capability, COOP can be a driving trouble ticket submission methods. solution requirement. The purpose of a COOP • Scalability requirements: The organization capability is to ensure that mission essential should consider requirements concerning the functions continue to be available in times of ability of the cloud solution architecture to either crisis or against a spectrum of threats. Threats grow or shrink over time, with varying levels of can include a wide range of potential emergen- processing, storage, or service handling capability. cies, including localized acts of nature, accidents, and technological and/or attack-related emer- gencies. COOP requirements may be defined 3.0 Choosing Cloud Providers in policy as in Department of Defense Directive 3020.26, September 8, 2004, Certified Current as With detailed cloud service requirements now of January 1, 2007, USD(P), SUBJECT: Defense understood, the Government organization comes to Continuity Program (DCP). The DCP states that a decision point regarding which approach to take “COOP involves plans and capabilities cover- for a cloud-based service. As shown in Figure 1.0-1, ing the same functional objectives of continuity there are three fundamental choices, which are now of Government (COG), must be maintained explored in this paper: at a high level of readiness, and be capable of • Acquire the service commercially, or through a implementation both with and without warning. negotiated Government-wide contractual vehicle COOP is not only an integral part of COG and that accesses a commercial vendor (Section 4.0): Enduring Constitutional Government (ECG), Given the cloud requirements defined in the but is simply ‘good business practice’—part previous step of the process, each of the three of the Department of Defense’s fundamental solution options can be considered and evaluated mission as a responsible and reliable public in depth. Acquiring the service commercially institution.” requires some understanding of the contempo- • Expected service performance: The organiza- rary commercial marketplace and methodically tion’s required performance of the cloud service compares the organization’s detailed require- should be clarified and documented. Cloud ments against possible commercial cloud offer- service performance expectations could include ings. Detailed data gathering and due diligence speed of operation, expected performance incen- must be performed regarding external service tives or penalties, and methods to accommodate providers. Unique Government requirements, service demand changes. such as security, may drive an organization away 15 • Performance measurement: Often the con- from a wholly commercial solution. tracted cloud service provider cannot be held • Obtain the service through another accountable for the network to which the service Government organization (Section 5.0): There is being attached. While the network impacts the is a growing list of Government-run initiatives consumer-perceived performance of the service, and participation in Government cloud comput- the service provider contractor has no control ing groups such as the Federal Cloud Computing or management responsibilities for the wide Advisory Council will allow an organization to area networking infrastructure, and they may maintain familiarity with those options.

8 Cloud Computing Cloud Type Control Security Cost Offerings

Section 4.0 Outsourcing: Least Wide variety in the Most likely to have best Broad and deep Public commercial control—services suitability of service for economies of scale marketplace with cloud offerings largely driven Government security a wide variety of by commercial requirements offerings—growing requirements rapidly

Section 5.0 Outsourcing: Control Cultural understanding More expensive than Smaller set of providers Government-run by agreements— and legal compliance commercial options with a maturing set of for Government MOUs, SLAs, etc. with Government offerings—targeted at customers— standards Government needs community cloud services

Section 6.0 Internal: Most Built to organizations Potential to be most Great flexibility, but Government-built control over service specifications—can expensive can require significant private internal clouds characteristics—built handle high security time and capital and managed by requirements investment organizations IT staff

Figure 3.0-1. Generalizing the Characteristics of Cloud Alternatives

• Build the cloud service internally and be a ser- control over the details of implementation, techni- vice provider (Section 6.0): The third option, to cal solutions, staff, and compliance with a variety “build your own” offers a wide range of program of laws and policies. Similarly, in general terms, risks and costs, though it gives the greatest con- many commercial service providers that we have trol to the bill payer. examined are leveraging much larger economies • A last option is to decide that cloud computing is of scale than the Government programs we have not beneficial to the organization at this time. For interviewed, driving down unit costs for storage and example, the organization may find the expected processing. Finally, there is a healthy and growing cost savings are not as large as expected, or that marketplace of cloud-based commercial services the initial investments to move systems to cloud with hundreds of firms offering cloud services, and infrastructure are prohibitive in the context of a much smaller set of Government providers. other budget priorities. The ultimate decision on which path to take for a A Government organization must assess these cloud service solution, as shown in Figure 3.0-1, is options against their requirements and choose a driven by the characteristics of the organization’s fundamental path for a cloud solution. Within each applications and data. After performing the due path are further considerations and tradeoffs as diligence defined in Sections 2.1 through 2.3, which defined in the next sections. brings the organization a good understanding of the program’s scope and requirements, the pivotal Figure 3.0-1 generalizes the broad cloud alterna- solution requirements will be known. For example, tives for Government decision makers in early 2010. if a high security level is a legal requirement, and the Being a generalization, it is safe to say that there Government can only find certified service solutions are exceptions to the characterizations described in in Government-run facilities or by constructing Figure 3.0-1. However, in broad terms, as shown in their own infrastructure, then the choices become the figure, building and running a dedicated inter- narrower. If the systems in question provide or host nal private cloud gives the Government the most information extracts intended for the Public, then Accelerators: Many agencies possess reports and data a wide range of solutions are available, as long as intended for Public consumption. The new Data.gov effort they prevent information modification and have is a repository for this type of information. Identifying this sufficient availability and bandwidth. In summary, Public focused information can be a quick start to hosting the decision process in this section focuses on the information on a cloud computing service. matching of the organization’s IT characteristics to the offered service solutions.

A Decision Process for Applying Cloud Computing in Federal Environments 9 Hybrid Approaches—When looking across a decreased cloud service usage. These topics repre- portfolio of IT services to be provided to a large sent key elements that will provide a foundation for organization, a senior leadership team may decide to successful consumer/provider relationships. In most implement a hybrid model, with some services com- cases, when the Government creates contracts with ing from a cloud provider and some being supported commercial vendors, it is important that these topics internally. For example, it may be cost effective are contractually specified.16 and compliant with policy to use cloud services for When acquiring commercial cloud services, email, while keeping certain mission critical servers Government organizations have several choices. A on internally operated platforms. Similarly, cloud ‘full and open’ competition can be held between services such as storage may be used in conjunction all vendors who wish to respond. Holding such a with a virtual private network (VPN) to augment competition can be labor intensive as the quantity internal enterprise storage resources for a time when of bidders can be large. However, for newer services, demand is sufficient. Hybrid approaches can cross which are yet to be put a purchase schedule, or to the approaches in Sections 4.0 through 6.0 or may access commercial companies that are not Federally cross internal and external service providers. focused, this can be a viable alternative. A more limited competition can occur on an already exist- 4.0 Commercially Managed Public Cloud ing Indefinite Delivery Indefinite Quantity (IDIQ) contract. This option uses pre-qualified vendors who Services have previously been awarded a blanket contract against which Task Orders (TOs) can be written. This section discusses the acquisition and use of With cloud services, some of which are very new, commercial cloud services, which are generally the new startup commercial vendors may not have Internet Protocol (IP) addressable services on the existed or competed for Federal work when the public Internet. blanket contract was put in place. In some rarer Accelerators: cases a sole source contract can be awarded to a vendor with a unique service offering, though sub- • When commercial service providers meet your needs, use Government-wide acquisition schedules, such as stantial justification would be needed to explain the Apps.gov, to more quickly leverage pre-negotiated rejection of a competition. services and rates. GSA Storefront—Currently, a new option for cloud • Choose commercial service providers that have already services is being championed by Federal CIO Vivek successfully concluded Certification and Accreditation Kundra. The General Services Administration (C&A) activities. (GSA) has recently established an online catalog of • Look for vendors with solid and verifiable past cloud services. The projected services will be focused performance hosting analogous service offerings. on cloud infrastructure and the lower portion of the stack mentioned in Section 2.1, include three fun- damental types of cloud offerings – storage, virtual 4.1 Acquisition of Cloud Services machines, and Web hosting18. The establishment of this purchasing catalog will allow for the rapid Successful acquisitions have always relied on strong purchase of a series of fundamental cloud services requirements management; and when acquiring essential as pre-priced commodities. For example, cloud services, this continues to be true. Fortunately, an organization could lease a quantity of storage cloud services have natural network-based inter- measured in GBs for a time period measured in face definition points and performance specifica- months. [This approach is an example of a store- tions that can translate into contract requirements. front catalog, where the Government establishes a As discussed in Section 2.3, when specifying the predefined purchasing mechanism. Options where requirements for a cloud service, several areas are the Government sells services to the Government as considered to ensure that the operational service an approved line of business (LOB) are discussed in meets the Government’s expectations include: Section 5.0] For services in other portions of the IT interface descriptions, performance measure- stack, such as Software as a Service (SaaS), tradi- ment methods, service-level agreements (SLAs), tional acquisition remains the Government’s option. data rights, and options for graceful increased and

10 Cloud Computing IaaS Providers Government Agencies

Once IaaS Services are procured the Federal Agency works directly IaaS Vendor 1 with the selected IaaS vendor in Federal con guring and utilizing the Agency 1 IaaS Vendor 2 services via the Internet. Internet 4 Federal IaaS Vendor 3 Agency 2 Federal Agency 3

Based on the Federal 3 GSA Cloud Agency selection the GSA 1 Storefront enables the Storefront Federal Agencies procurement of IaaS services (Web Portal) inquire and procure with the vendor. IaaS service through 2 the GSA Storefront. The GSA Federal Cloud Storefront provides the prede ned IaaS service oering options from the supported IaaS vendors based on the submitted inquiries from the Federal Agency .

Figure 4.1-1. Procuring Cloud Services Through the GSA Federal Cloud Storefront17

Acquisition Considerations—Contractual docu- • Provisioning Response Time: Defines the time it ments for cloud services should define the following takes to fully provision a service. key topics as applicable to the cloud services being • Service Performance Measurement Tools: acquired: Defines how the performance of cloud services, will be measured. This is central to the opera- • Data Center Locations: Defines characteristics tional use of the service-level agreement (SLA). of the location of underlying data centers. For • Support: Defines the mechanism for provider example, a consumer organization could specify staff support when service issues arise. For only Continental U.S. (CONUS) data centers for example, what is the help desk mechanism? service instantiation. • Service Levels: Defines performance characteris- • Data Center Continuity: Defines a capability tics such as the reliability, up time, or availability to recovery from failures at particular physical of the cloud service. This is a center piece of the locations and suggests that more than one data SLA. (SLAs are discussed further in Section 5.1) center location is used. • Security Considerations: Defines security • Data Center Inspection: Defines the consumer’s compliance and ongoing C&A compliance right to inspect the data center during operations. approaches. • Demand Elasticity: Defines an ability to respond • Administration Functions: Defines how admin- to a variety of service demand levels. Since one of istrative functions such as billing, order track- the key commercial benefits of cloud services is ing, and user support will occur. This effort the ability to scale service demand, this criterion must include interaction and oversight by the is used to evaluate that feature of a provider. consumer, such that a feedback loop for contract • Automated Service Provisioning: Defines the management is created. degree of automation supporting the provision- • Interface Definitions: Defines how technical ing of a service. For example, can a consumer information about cloud service interfaces will organization provision a storage service by pro- be conveyed to the consumer. This can include viding point of contact information and a fund- Application Programmer Interfaces (APIs) when ing mechanism such as a credit card? How much appropriate. staff intervention is required to make this service operational? There are wholly commercial examples where this is completely automated.

A Decision Process for Applying Cloud Computing in Federal Environments 11 Benefits—The benefits of utilizing commercial 4.2 Activating Cloud Services cloud services can include lower capability unit costs, greater burst capability, and faster automated After a successful acquisition process, the provi- provisioning. Commercial cloud providers can often sioned cloud services are made operational for the drive costs down through economies of scale and consumer in the cloud. Many commercial public other cost reduction techniques. For example, they cloud offerings have simplified activation of their may be able to vertically integrate their supply chain services to the point where it is possible to register and build their own specialized hardware platforms; and access some capabilities in less than an hour. locate their data centers in lower cost locations (e.g., Activating cloud services can include the following electric power, labor, and taxes); minimize labor general steps: costs and the number of administrators they need; • Providing identity/account owner and reduce overhead and licensing costs through • Establishing a billing mechanism size and volume. By having a larger capacity, they • Selecting support level can also provide greater burst capability for their • Selecting and configuring environments customers. In A Berkley View of Cloud Computing, • Loading content the authors suggest two cases where utility com- • Testing cloud services puting burst capability provides an advantage over private clouds: “A first case is when demand for For many commercial offerings, the following steps a service varies with time. A second case is when are interactive through a browser interface. For demand is unknown in advance.” 19 Lastly, com- example, Amazon.com provides an on-line interface mercial cloud providers often already have an for registering for their storage and platform ser- infrastructure established to provide a low-friction vices.21 The consumer can select from on-demand automated provisioning of, and payment for, cloud instances or reserved instances.22 Although ’s services. offering is different than Amazon’s, with Python and Java development environments for the Google Risks—The Table 1 defines common risks and pos- AppEngine, both of them have similar Web self- sible mitigations for using commercially managed service access.23 public cloud services.

Table 1. Risks and Mitigations for using Commercially Managed Public Cloud Services

Common Risk/Concern Mitigation Approach Imprecise requirements may Use short-term engineering tasks on existing contract vehicles (e.g., IDIQ task order) to apply not adequately support the subject matter expert (SME) technical experience to the definition and clarification of the acquisition process. service requirements.

Full and open competitions are When leasing commercial cloud services, try first to use pre-negotiated services off of an time consuming and not ‘agile’ approved buying schedule, such as the one being established by Apps.gov. in response to organizational needs. Few standards currently exist to Currently, there are not many cloud-oriented standards for the consumer to use to mitigate ensure portability among cloud this risk. Continue to look for standards to increase portability among service providers service providers, or to ensure and to reduce lock-in. Consider evolving standards such as the Open Virtualization Format common detailed definitions of (OVF)20 which describes standards for virtual machine descriptions. Be cognizant of ‘platforms’ and ‘infrastructure’ development languages that are vendor specific, unless program leadership can accept the services. program risk of being tied to one platform. The commercial marketplace Consider the organization’s entire portfolio of IT needs against the common solution may not support the whole alternatives – commercial market, Government-run, or private internal cloud. Match the portfolio of Government IT service providers’ characteristics to the needs of the systems and data under consideration. needs, particularly in areas such In the final analysis, only a small portion of an organization’s IT portfolio requirements may be as records retention or security. outsourced to wholly commercial organizations. For example, the commercial option might support an organization’s public facing Web servers or content repositories that are intended for public audiences, and therefore have low security requirements.

12 Cloud Computing Providing Identify/Account Ownership—The first requires client development tools as does Google general step in establishing usage on a commercial App Engine.32 allows for the platform is registering for an account, which in most download of their software development kit (SDK) cases requires a username, password and contact or an Eclipse plug-in. For monitoring and manag- information, such as name, company (or Federal ing operational environments, client side tools may organization), email address and mailing address. improve the interaction with the cloud offering;

24 25 however, most offerings provide a thin-client, Web- Google and Amazon.com integrate this account based dash board. information with their other services. Through the sign up process, key code information may need to be For cloud offerings, some mature providers offer a recorded in order to access the service at a later time. wide-range of cloud environments from which to choose. For example, Amazon EC2 users can select Establishing Billing For some service providers bill- different size instances and a variety of operating ing information is provided before services begin, system and other environment options shown in while other offerings will request billing informa- Figure 4.2-1 below. tion when volume reaches beyond a free level or introductory period. On publicly available offerings, a credit card or other commonly used payment vehicles can be utilized for billing. Government con- sumers must often select a payment vehicle that will match the dollar thresholds set in organizational policy. For example, a purchase card might be used for costs up to $2500. Formal payment systems may be used for larger amounts. Currently service pricing for platforms and storage tends to be very competitive, starting at approxi- mately $0.10 per CPU hour and $0.10 per GB of data transfer.26 .com pricing for their SaaS Contact Relationship Management (CRM) system starts $9/month/user for their most basic offering and runs through to $250/month/user for their Figure 4.2-1. Platform Configuration Example: Amazon EC2 unlimited offering.27 is entering the mar- Sample Environment Options33 ket with their Azure offerings with similar costs as Amazon and Google. Microsoft has recently com- When selecting and configuring environments, there pleted a Community Review phase, and going live in may be a variety of security and communications January 2010.28 options to choose as well. For example, networking Selecting Support Levels During the process of options to establish connectivity with an instance, establishing an account, the user may often select such as Hyper Text Transfer Protocol (HTTP) and a support option. For example, Amazon.com offers associated ports may need to be selected. Silver and Gold levels of support which start at $100 Loading Content—When loading content in cases and $400 per month, respectively. The Gold level when platforms or storage is leased, users generally provides support 365 days per year, 24 hours per load information to cloud resources via wide area day.29 Similarly, Force.com offers a premium level of network (WAN), unless very high data volume is service for $75/month per user.30 needed. For public offerings, WAN throughput is Selecting and Configuring Environments After usually charged at a published rate. Transfer costs establishing an account, some offerings allow the must be considered. For example, Amazon currently user to go straight to selecting their operational charges between $0.10 and $0.17 per GB for non- environment, while some software development load balancing transfers in and out of regional data activities require the incorporation of local cli- centers. Google charges between $0.10 and $0.12 per ent tools. For development, Microsoft Azure31 GB for transfers.35

A Decision Process for Applying Cloud Computing in Federal Environments 13 While the WAN is sufficient for many cloud based should perform negative testing to understand the activities, some data transfers are so large that they implications of service outages on mission critical cannot be reasonably accomplished through WAN capabilities and analyze the service implementation connection, due to excessive time requirements architecture for the actual redundancy of service or bandwidth cost. For these situations, vendors offerings on the network. Consumer programs such as Amazon are offering to transfer data from should incorporate the strategy for continuing oper- other media such as disks.36 In the Berkley white ations of mission critical capabilities into system test paper, Above the Clouds: A Berkley View of Cloud plans. For example, if an alternate source of infor- Computing, the authors highlight the importance of mation will be utilized in the event of a network out- transferring large amounts of data: “One opportu- age, test the system with the alternate data source. nity to overcome the high cost of Internet transfers is to ship disks. Jim Gray found that the cheapest way to send a lot of data is to physically send disks 5.0 Government Managed Cloud Services or even whole computers via overnight delivery services.” 37 As Amazon notes in Steven Lawson’s In addition to the commercial options discussed article, “With many enterprise Internet connec- in Section 4.0, a Government consumer may opt tions, Import/Export will often be faster than online to lease cloud services from another Government uploads or downloads… The method isn’t new: For organization. Currently, in conjunction with an example, when banks set up new branches and want expressed desire from the administration, a number to have large amounts of information available on of Government Agencies are organizing cloud offer- site, they typically ship drives because they don’t ings to be leased inside the Government. This section have days to wait for a transfer.” 38 focuses on the considerations when obtaining cloud services from another Government organization. Testing Cloud Services—Operational testing of cloud services builds upon traditional system testing to include attributes of cloud service offerings. The 5.1 Defining Cloud Computing Service testing program should cover cloud service topics Agreements such as the ability to respond to a variety of service demand levels, automated service provisioning, Analogous to the formal contract used in com- provisioning response times, cloud service interface mercial relationships, a key to establishing a cloud definitions, security compliance, administrative computing relationship with between a Government functions, and service level characteristics such as managed provider and Government consumer is the the reliability, up time, or availability of the cloud defined terms of service and service level agreement service. If applicable, testing from multiple opera- (SLA). These can be codified in a document such as tional locations should be performed to reveal any a memorandum of understanding (MOU) between network-driven issues. the parties. MOUs for Government entities are similar to contracts discussed in Section 4.0, but less Service Outages—Service outages for commer- formal, without the legal case law, precedent, and cial cloud providers are often newsworthy events. enforceability of contracts. Typical Government-to- Service consumers should have a strategy for a Government MOUs will include goals and objec- degraded network or service outage. Consumer tives, responsibilities by party, points of contact, programs should consider the implications to operations if cloud provider services were not avail- able or were degraded, and establish a strategy for Accelerators: continuing mission critical operations under these • Since security and risk mitigation are likely to be driving circumstances. Consider the capabilities that are factors in selecting a Government-provided offering essential for successful operation during an outage; over a commercial offering, request provider security information early in the decision process. not all capabilities may be needed during a nonstan- dard event. Programs should emulate or simulate • Employ a quick proof-of-concept to ensure that the Government cloud service meets your application and degraded network conditions to understand the data requirements. behavior of cloud-dependent systems with reduced or problematic network connectivity. Programs

14 Cloud Computing period of performance, and signatories. For cloud consumer wants to specify an offering with a mini- computing services, they should also include metrics mum number of network hops between the majority reporting, performance measurement techniques, of distributed consumers and the provider locations. points of escalation, cost recovery if applicable, and This can shorten the average time between service mutual security requirements. requests and service responses. Service Level Agreements—SLAs specify many Multi-site load balancing also positively impacts aspects about the delivery of the service that are total system availability. Having multiple sites can essential for mission success. Terms for SLAs for provide continuity of operations (COOP) and inher- cloud services should include characteristics such as: ent support for contingency planning, if a given location has a significant outage such as a fire, power • Response time failure, or natural disaster. While it is true that • Hours of operation temporarily routing consumer requests to a more • Platform availability distant network site is not optimal for the consumer, • Expected throughput and utilization ranges for many missions operating in a lower performing • Maximum permitted down-time state is better than having the service being com- • Performance measurement and reporting pletely unavailable. Forrester’s Stan Schatt explains, requirements “Best practices include using these devices [global • Performance-based pricing server load balancers] to enhance server failover, • Problem resolution thresholds overcoming high availability limitations of a single • Problem escalation and priorities data center, improving the efficiency and availability The SLA should specify the support steps that the of multi-homed links to more than one service pro- consumer can take when the service is failing to vider, and localizing Web content for clients.” 39 meet the terms specified in the agreement. These Performance Measurement—Often the service support steps should include points-of-contact and provider cannot be held accountable for the network escalation procedures. The time-to-resolve perfor- that the service is being attached to. While the net- mance should be specified in the contract based work impacts the consumer-perceived performance upon the severity of the problem. of the service, the service provider contractor has no As mentioned above, it is important to be precise control or management responsibilities for the wide in the definition of metrics and specify when and area networking infrastructure, and they may con- where they will be collected. For example, perfor- sider the network as a third-party capability. In this mance is different when measured from the con- case, the service provider may require that service sumer or provider due to the propagation delay of performance characteristics, such as response time, the network. Metrics should measure characteris- be measured at the service provider’s entry point(s) tics under the control of the vendor or they will be to the network. unenforceable. Finally, the SLA should describe a It can be advantageous for a consumer to “instru- mutual management process for the service levels, ment” key points on the network to measure including periodic reporting requirements and performance of service providers. For example, meetings for management assessments. contemporary commercial tools can report back Network Topology Requirements—Network topol- to a centralized data store on service performance, ogy, including the implementation of the backbone and instrumentation agents can be placed with of the current network, will have an impact on how participating consumers, and at the entry point the services perform as measured from a distributed of the service provider on the network. By gather- consumer’s perspective. For example, if users are ing data across providers on the performance of geographically distributed around the country, it is pre-planned instrumented service calls throughout often important to have the service available at mul- typical work periods, service managers can bet- tiple locations. In this situation, the MOU should ter judge where performance bottlenecks arise. include requirements for a multi-site implementa- The Government should include requirements for tion, and what is often termed “global load balanc- service instrumentation to support broader perfor- ing”, a method for balancing service load across mance engineering efforts. distributed sites. With network-based services, the

A Decision Process for Applying Cloud Computing in Federal Environments 15 Cost—A Government run cloud is likely to provide a small Linux instance.42 With no advance payment less operational cost savings than a market leading or commitment, Amazon.com also offers $0.10/ commercial cloud vendor. There are multiple rea- instance/hour for their small offering to $0.80/ sons for this. Commercial vendors tend to minimize instance/hour for their extra large instance. This all factors of cost in a manner the Government can- fine-grained pricing with one-hour time blocks and not match due to policy or security requirements. provisioning in minutes provides for a “pay-as-you- For example, cloud vendors may employ less costly go” offering. It allows the consumer a cost effec- labor that have not obtained Government security tive means to utilize the cloud in a burst capacity clearances. They may spread their costs over a much without incurring the long-term expense of mostly larger customer base than the Government enterprise unused computing capacity. cloud, and they may be able to realize cost savings Example Cloud Programs—Currently, a number by not needing to follow Government processes for of new cloud provider programs have been initiated certification and accreditation, and security. Also, by the Government. They include: they are more likely to set up data centers in low-cost electric regions or perhaps even outside of CONUS. • Defense Information Systems Agency (DISA— Rapid Access Computing Environment When evaluating or defining cloud offerings, the (RACE): DISA offers a cloud service with an MS type and timing of payments should be considered – Windows or Red Hat Linux computing envi- upfront payments and length of time for measuring ronment.43 RACE prices are listed in Network variable charges should be part of the analysis. For World as $500 per month for development and the provider, one-time payments or fixed revenue test environments, and $1200 per month for streams can help to mitigate some of the risk with production capabilities.44 In addition to choos- establishing a cloud offering. Also, longer term ing the operating system, users can optionally units of measure for variable costs may be helpful in select an operating environment that complies allocating computing resources to customers. For with Security Technical Implementation Guides example, the Defense Information Systems Agency (STIGs). This environment is Defense Enterprise (DISA) Rapid Access Computing Environment Computing Center (DECC)-compliant and can (RACE) charges $500 per/month/image in a devel- be directly connected to the DoD Non-secure opment and test environment.40 The monthly Internet Protocol Router Network (NIPRnet). time unit is significantly longer than many pub- According to the Cloud Computing Journal licly available commercial offerings. For example, RACE provisioning of environments takes 24 Google AppEngine measures and leases computing hours in development and test environments and resources by the hour.41 Some companies offer mul- 72 hours in production and can be done through tiple options: Amazon.com Elastic Compute Cloud a credit card or Military Inter-departmental (EC2) has a reserved instance and an on-demand Purchase Request (MIPR) payment option.45 instance pricing model. As an example, the reserved Helpdesk support is available 365 days per year, pricing model allows for a one-time, non-refundable 24 hours per day. payment of $227 for one year and $0.03 per hour for

NBCGrid NBCFiles NBCApps NBCStage IaaS IaaS SaaS PaaS

Windows Linux Virtual Cloud Lotus LOB LOB User Servers Servers Desktops Storage Applications Applications Apps

NBC & Agency Physical Infrastructure

Figure 5.1-1. DOI NBC Cloud Computing Offerings

16 Cloud Computing • Department of Interior (DOI) National Compute Cloud (EC2). This commonality of Business Center (NBC): The Department of the APIs helped NASA to develop tools for Nebula Interior (DOI) National Business Center (NBC) and can facilitate interoperability of applications plans to provide multiple offerings to federal for service users.49 NASA has also considered agency customers as shown in Figure 5.1-1.46 The appropriate network connectivity for its custom- current and planned offerings include: NBCFiles ers: “Nebula is primarily located at the Ames as a offering;NBCGrid as an IaaS; Research Center,” writes NASA’s Chris Kemp and NBCStage as PaaS; and NBCApps as an SaaS. Joshua McKenty.50 “The Ames Internet Exchange As an example of their offerings, theNBCGrid (AIX) which hosts the cloud, was formerly ‘Mae offering provides “technology agnostic server West,’ one of the original nodes of the Internet, hosting” and has both metered and pre-paid and is still a major peering location for Tier 1 pricing models. For the end user, NBCGrid is ISPs.” 51 This puts the service very near a central intended to facilitate “rapid provisioning (sub 15 IP exchange point for network traffic, improving minute).” 47 As an example of their SaaS offer- end-user performance. ings, NBCApps will include human resources Benefits—Using an existing Government-managed capabilities and acquisitions capabilities, such as cloud service may save the consuming organization an on-demand version of the Electronic Services significant time and can lower program risk. For Environment (ESE). a consumer organization, usage of a Government- • NASA–Nebula: NASA’s Nebula service will be managed cloud offering may reduce the time to offering Software as a Service (SaaS), Platform as become operational by avoiding an entire contract- a Service (PaaS), and Infrastructure as a Service ing process required when obtaining commercial (IaaS).48 The cloud platform is based upon open offerings, or avoiding an systems integration process source components; the technology stack is for those considering building private offerings. shown below in Figure 5.1-2. For example, NASA Instead, a Government consumer may be able employs open source software which to comfortably leverage a cloud offering with a provides APIs consistent with Amazon’s Elastic

Proxy (Varnish/Apache) and eAuth Key: Python Nebula–Cloud Web Interface APS–Directory CODE–Cloud IDE (Staging) JAVA Eucalyptus Web FrontEnd LCROSS Subversion FrontEnd LCROSS Other RabbitMQ Web FrontEnd MS WWT TRACFrontEnd MS WWT

LUSTER Web FrontEnd — Agilo FrontEnd —

Fabric-based Deployment Selenium Grid and Cruise Control

SOLR Indexing and Search

RabbitMQ Message Queue

Eucalyptus Virtualized Servers MySOL VM Controller Cluster (DRBD) Users LUSTER File System LUSTER File System (SAML & LDAP) PHY PHY PHY PHY PHY Nebula1 Nebula1 Nebula1 Nebula1 Nebula1 PHY PHY PHY

Figure 5.1-2: Nebula Technology Stack52

A Decision Process for Applying Cloud Computing in Federal Environments 17 Memorandum of Understanding (MOU) and a potentially less costly commercial offering. For some Service Level Agreement (SLA). A Government agencies, unique Federal security requirements can service provider differentiates their offering by make it difficult for vendors to successfully offer the providing a customer confidence that they’re Government their commercial services. Commercial acquiring services matched to the traditional needs providers may apply security measures that they feel of Government. The Government provider can are sufficient in the marketplace, though they do not offer a cloud service that is tailored to the security, completely fulfill Federal needs or policies. records retention, and certification and accredita- Risks—Table 2 defines common risks and possible tion needs of a Government customer. This can mitigations for using Government-managed cloud offer a significant advantage to the Government services. customer, providing a differentiated product from a

Table 2. Risks and Mitigations for using Government-managed Cloud Services

Common Risk/Concern Mitigation Approach Cost savings for consumers of Currently, Government-run clouds do not run on the same scale as their commercial Government-run cloud services may counterparts. Therefore, due to smaller economies of scale, the savings realized in the not be as sizable as commercial service consumer’s business case may be less, and the payback period may be longer. alternatives. Adjust business cases to accurately reflect expected Government to Government charges, not commercial costs. Few standards currently exist to Currently, there are not many cloud-oriented standards for the consumer to use ensure portability among cloud to mitigate this risk. Continue to look for standards to increase portability among service providers, or to ensure service providers and to reduce lock-in. Consider evolving standards such as the common detailed definitions of Open Virtualization Format (OVF)53 which describes standards for virtual machine ‘platforms’ and ‘infrastructure’ descriptions. Be cognizant of development languages that are vendor specific, unless services. program leadership can accept the program risk of being tied to one platform. Government Service-Level Obtain detailed SLAs from Government service providers and agree on mechanisms Agreements (SLAs) may not be as for measuring the SLAs. Document a performance feedback process in a clearly defined as their commercial Memorandum of Understanding (MOU), and require attendance by service provider counterparts. personnel able to make commitments for the service provider organization. Define the periodicity of the feedback communications and meetings. Finally, employ a quick proof-of-concept to ensure that the Government cloud service meets implied consumer requirements and expectations. Government cloud providers may not Understand the limitations of a Government provider’s burst capacity and lead time have the same burst capacity as large needed for provider to “scale up” to meet significant increases in usage. scale commercial providers.

18 Cloud Computing 5.2 Activating Government Services of a location with suitable power, transportation, zoning, taxes, workforce, and weather conditions, Activating Government-run cloud services, is analo- to design considerations such as network diversity, gous to commercial-run cloud services, as both are physical security controls, HVAC and heat dissipa- provided by external service providers. Please see tion and a failure proof electrical infrastructure. An section 4.2 for a discussion of these considerations. organization considering the creation of data centers to create a private cloud on a enterprise scale should consider the following: 6.0 Creating Internal Enterprise Private Cloud Services • Location Assessments: The data centers intend- ing to support mission critical IT clouds should Creating an infrastructure for a private cloud of avoid areas prone to natural disasters and a size that will realize economies of scale analo- major population centers to be most surviv- gous to those shown in contemporary commercial able. Assessments of the frequency of recur- offerings, and that will effectively satisfy require- ring weather-related events such as hurricanes, ments common to mission critical Government floods, and tornados should be completed. Data systems, is a major undertaking, requiring substan- Center News states, “Companies are shying tial capital investment and comprehensive project away from the Gulf region because of the hurri- management and systems engineering. Unlike canes; California for mudslides, earthquakes and Sections 4.0 and 5.0 where external organizations wildfires; and high-profile metro areas because provide the cloud, this section discusses the general of the terrorist threat potential.” 54 Assuming that engineering and requirements considerations for a location is weather-neutral, properly zoned, a large-scale effort to provide the infrastructure and building codes are generally suitable for a for a Federal private cloud. This section generally data center, a number of additional consider- assumes mission critical private clouds with sensi- ations drive the choice of a data center location, tive or classified content. including: –– Power Access Assessment: Data center planning efforts should quantify the power 6.1 Enterprise Cloud Infrastructure Engineering requirements expected for a data center. A strong relationship with local power provid- Some organizations contemplating the creation of ers should be established and expectations large-scale private clouds do not have a ready data for projected consumption should be clari- center infrastructure sufficient to host a very large fied. Data Center News explains, “The first scale operation or cannot add this new capability to criteria that come to mind for many data existing facilities. Expansion of existing facilities can center site selection experts are the price of be hampered by power, HVAC, or rack space power and its reliability.” 55 With the increase constraints, or the assessment that the existing of more dense IT infrastructure, power facilities are not in a physical location worth large- consumption per square foot of a data center scale investment. is increasing. Planners should investigate and understand the ability to upgrade or install Accelerators: transmission lines. • Leverage a proven IT stack (e.g., chipsets, virtualization –– Physical Redundancy: It is likely that software) that is known to work together as product any single location in the continental U.S. integration takes substantial time. (CONUS) will be insufficient to support • Anticipate issues when porting legacy applications to Continuity of Operations (COOP). For many virtualized cloud environments. Start porting activities early. missions more than one data center will need to be built in diverse physical locations. Some locations may be eliminated from consider- The decision to ‘build your own’ and not use com- ation because they are too close to existing mercial offerings as described in Section 4.0 has sig- organizational efforts. nificant implications on project scope and complex- –– Workforce: The ability to hire and house ity. Project considerations range from the selection technical staff in proximity to the data center

A Decision Process for Applying Cloud Computing in Federal Environments 19 facility should be assessed as well as the abil- cover the failover time period. Frequent test- ity to staff cleared personnel if applicable. ing of the power alternative will be required –– Transportation Infrastructure: The trans- once the facility is operational. Planners portation system near the project facility should account for large scale UPS capabili- should be assessed for its ability to support ties to regulate power before it is sent to IT traffic such as construction equipment, fuel equipment. delivery vehicles and staff traffic. Planners –– HVAC: Heat dissipation will be a major should assess whether there are multiple design and cost driver for the data center. routes to the potential data center, to avoid Cloud computing infrastructures are most a single point of failure in the road system, often built upon highly virtualized blade due to accident or disaster, and whether infrastructures which are continuing to get the potential data center is supported by air more dense, and generate much more heat transportation for urgent requirements. per rack unit (U) than was common even ten • Design Considerations: Once an optimal loca- years ago. A complex system of heat exchang- tion has been established there are a number of ers, compressors, and air management major design considerations in implementing the systems will need to be designed and imple- data center, which can also be cost drivers: mented to achieve sufficient heat reduction. –– Network Diversity: Due to the fundamental Complex and continuous monitoring will role of the network in cloud computing, the need to be implemented to protect the large network, and the redundancy of the data investment in computing infrastructure. center’s connections to it, will play a key role in an infrastructure effort. The ability to Benefits—The chief advantage of building a private utilize a diversity of network providers and cloud is the ability to maintain control over a wide to route traffic among a group of networked variety of service characteristics, such as the security peers is vital to a cloud service provider. implementation, continuity of operations (COOP), A network operations center capable of retention policies, network connectivity and usage monitoring and adapting to the health of policies. The benefits pursued through a private the network providers is required. For some cloud can be tailored to the objectives of the owner’s missions, satellite ground stations may business case. For example, if cost reduction is the also be required to add to the diversity of primary objective, virtualization and intra-organi- communications. zational multi-tenancy can be employed to reduce –– Physical Security: Considerations in this the hardware footprint. The business objectives may area include compliance with particular be focused on topics such as data center utilization, agency security standards and the design and collaboration, COOP, speed of deployment or loca- implementation of a wide range of features tion-independent access, perhaps coupled with the such as video monitoring, biometric access, need for high security or high mission confidence. perimeter guards, perimeter berms and In these cases, the flexibility provided by a private fences, RF shielding, intrusion detection sys- cloud implementation may be significant. tems, and fire detection and suppression. –– Construction Durability: Buildings for sen- Risks—Table 3 defines common risks and possible sitive mission critical data centers will need mitigations for constructing private cloud offerings. to be built to a survivability standard that is beyond standard building construction. Plan for this to be a cost driver in capital expendi- tures for construction. 6.2 Cloud Service Implementation –– Electrical Infrastructure:56 The data center must support the use of an alternative source While Section 5.1 discusses establishing the physical of power for a sustained period of time, in infrastructure for the private cloud capability, this the event of a failure by the primary power section focuses on creating the next layers of the supplier. Solutions include banks of genera- stack which provide services for the organizations tors and large supplies of fuel sufficient to end users.

20 Cloud Computing Table 3. Risks and Mitigations for Constructing Private Cloud Offerings

Common Risk/Concern Mitigation Approach Cost reductions may take longer to Look to other comparable Government service provider organizations to understand realize as compared to other cloud their integration, development, and operational costs. For example, while the hardware alternatives. footprint may be significantly reduced as compared to legacy hardware, there may be new costs, such as product and systems integration, virtualization software licensing, application porting, disconnected operations capabilities, and COOP capabilities. Legacy applications may not easily Port applications to test cloud environment early to ensure applications can run in the new cloud environment, successfully run in the target architecture cloud stack. increasing costs and schedule time. When creating cloud services, A number of products are required to provide a robust scalable cloud service, and product integration for a complex the time required to integrate and test all those products and ensure that they work series of interdependent components seamlessly with each other is significant. Look to existing instantiations of Government can take longer than expected. cloud platforms to understand compatibility. Acquisition activities in this option Leveraging a systems integrator or prime contractor may simplify the acquisition are not trivial and may add to the process rather than acquiring the hardware and software separately and integrating the program schedule. capability in-house.

Commercial Tools—Government private clouds with very large data sets. Hadoop is a Java-based will most likely rely on commercial tools for their Apache effort that can be licensed without cost and implementation, and therefore Commercial Off includes a job tracker for dividing up, assigning The Shelf (COTS) product acquisition will play an work, and assembling work results. additional role in cloud service implementation. • Distributed Enterprise Server Management Product acquisitions will generally take the form Example: 3tera AppLogic:60 Tools to construct a of straightforward hardware and software license scalable enterprise grid from commodity hard- procurement, though support agreements and SLAs ware can be important. This example, AppLogic, may need to be negotiated for some items. allows operational VMs to be built from collec- tions of pre-defined machine images, and then As described previously, cloud services cover a connected together into systems of systems, from wide range of the IT stack and the tools required a graphical interface. to implement the cloud services will depend on the program scoping decisions recommended in Based on the scope definition of the program as Section 2.1. Some representative commercial tool defined in Section 2.1 a data center service architec- examples include: ture will be developed that assembles commercial

57 tools into a comprehensive systems solution using • Server Virtualization Example: VMware: the infrastructure assembled in Section 6.1. This Server virtualization has become a mature work can be outsourced as a system’s integration option for hosting and managing applications task, or developed in-house by Government staff. and collections of applications within an enter- prise. Currently VMware is a market leader in On-Demand Capability Testing—Comprehensive server virtualization for the data center, though testing and defect remediation is an essential ele- important competitors such as Microsoft Corp., ment to establishing trust between Government are releasing competing products. The ability private cloud providers and consumer programs. to create and manage virtual machines (VMs), As part of the cloud service testing program it is including the ability to backup or failover VMs important to establish the performance characteris- between sites, is a core function of a contempo- tics of the service as demand increases. For example, rary cloud capability. if on-demand resource provisioning is available to • Distributed Applications Example: Apache a consumer, then the private cloud provider should Hadoop58/ Google’s MapReduce paradigm:59 incorporate the testing of on-demand functions into Tools which can take advantage of a large pool of test plans to verify service behavior. In addition, processors and break up a computational problem cloud providers should consider testing throughput into a set of smaller jobs will often be needed in a and scalability beyond the consumer’s expected cloud capability supporting Government programs standard processing needs. Testing should identify

A Decision Process for Applying Cloud Computing in Federal Environments 21 whether provider services scale appropriately in Enabling this communication is a key activity of accordance with the promised service-level agree- the cloud provider. Example techniques include ment (SLA), or whether they gracefully degrade, or stakeholder’s meetings, online forums, and per- break down completely at increased usage levels. formance questionnaires. • Cloud Service Awareness: Outreach is a key In-Situ Cloud Testing—Testing network-based function of an effective service provider. Services services that are external to an organization is a evolve and improve over time and cloud provid- challenge. When an organization tests a system that ers must communicate these changes across all utilizes external services, it is not likely to have com- consumers. Outreach is also key to expanding plete control over a dedicated test environment that the base of consumers and increasing awareness encompasses these external services. The situation in other parts of the Government organization is further compounded if the service provider does regarding the services available. not have a specific service dedicated for consum- ers to use just for testing activities, such as systems integration testing. With external services the 7.0 Conclusion consuming organization may not be able to effec- tively conduct volume, throughput, or error testing Government organizations, looking to realize the against an operational service.61 In contrast, a pri- same cloud computing advantages that they see vate cloud infrastructure owned by the Government today in the commercial marketplace, have several offers a unique testing option, entitled In-situ Cloud options for obtaining the benefits of cloud comput- Testing (ICT). Since cloud environments are gener- ing. First, the commercial marketplace continues ally built upon virtualization concepts, the concept to grow with a wide range of network-based cloud of VM isolation is well implemented. This allows for services available for procurement and lease through very realistic testing environments to be built into traditional Federal Acquisition Regulation (FAR) the same cloud infrastructure as the operational processes, when the commercial service can meet systems, but in their own virtualized segment of the the underlying requirements of the Government. private cloud. Actual live VMs can be cloned from Second, there are several Government run solu- operational environments into the test environment. tions that are being put in place, tailored specifically Test environments can run at the same classification for Government customers. And finally, there is as the real environment. The testing environment always the option to apply commercial tools to build can therefore maintain maximum realism, while at internal private cloud capabilities completely within the same time not affecting operational systems or Government data center facilities. compromising security policy. This document has outlined a structured process Customer Relationship Management—As the for scoping a cloud effort, refining potential cloud creator of a private cloud, the Government is in requirements, developing a business case for a the role of service provider to other Government cloud effort, and making a selection among a range organizations who act as consumers. Successfully of commercial and Government cloud providers. fulfilling this role implies several key activities: Fundamentally, this process is focused on under- • Consumer Program Support: First the service standing and documenting a clear set of service provider must devote resources provide support requirements and objectives as an essential early to consumer programs and program manag- step in selecting a cloud service provider and in ers. This support can include SLA reporting, deciding to create cloud services for an organization. technical support on how to use particular The engineering process that follows, and the deci- network-based cloud infrastructure services, sions made there, all come back to a robust under- support with consumer systems testing, sup- standing of the needs of the organization. Cloud port with Certification and Accreditation (C&A) computing, when combined with this structured activities, and support with resource scaling and engineering processes, can provide more efficient provisioning. and agile IT resources for an organization, allowing • Enabling a Feedback Loop: Connecting with the commoditization of aspects of IT such as storage consumers requires a feedback loop to continu- and computation, to focus on higher order mission ously improve the cloud services being offered. challenges.

22 Cloud Computing Acronyms Acronym Definition

API Application Programmer Interface CapEx Capital Expense CFR Code of Federal Regulations CIO Chief Information Officer COG Continuity of Government CONUS Continental United States COOP Continuity of Operations COTS Commercial-Off-The-Shelf CRM Customer Relationship Management DCP Defense Continuity Program DISA Defense Information Systems Agency DoD Department of Defense EC2 Elastic Compute Cloud FY Fiscal Year GB Gigabyte GSA General Services Administration HTTP Hyper Text Transfer Protocol HVAC Heating, Ventilating and Air Conditioning IaaS Infrastructure as a Service IDIQ Indefinite Delivery Indefinite Quantity IP Internet Protocol IT Information Technology LOB Line Of Business MOU Memorandum of Understanding NARA National Archives and Records Administration NBC National Business Center OMB Office of Management and Budget OpEx Operating Expense PaaS Platform as a Service QoS Quality of Service RACE Rapid Access Computing Environment SaaS Software as a Service SDK Software Development Kit SLA Service-Level Agreement SOA Service-Oriented Architecture SOW Statement of Work SOO Statement of Objectives TO Task Order VM Virtual Machine VPN Virtual Private Network WAN Wide Area Network

A Decision Process for Applying Cloud Computing in Federal Environments 23 References

1 Geoff Raines, “Cloud Computing and SOA”, The MITRE Corporation, 2009.

2 Federal News Radio, “Kundra sees innovation in the cloud”, http://www.federalnewsradio.com/?nid=35&sid=1620108.

3 FY2010 Federal Budget, “Cross Cutting Programs”, http://www.whitehouse.gov/omb/budget/fy2010/assets/crosscutting.pdf.

4 Geoff Raines, “Cloud Computing and SOA”, The MITRE Corporation, 2009.

5 Peter Mell and Tim Grance, “The NIST Definition of Cloud Computing”, http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

6 Wikipedia, “Platform as a Service”, http://en.wikipedia.org/wiki/Platform_as_a_service.

7 Robert P. Desisto et al., “Tutorial for Understanding the Relationship Between Cloud Computing and SaaS”, http://www.gartner.com/DisplayDocument?ref=g_search&id=640707.

8 Kent Langley, “Thoughts on the Business Case for Cloud Computing”, http://www.productionscale.com/home/2009/2/4/thoughts-on-the-business-case-for-cloud-computing.html.

9 A multi-tenant system allows multiple leasing customers to share the same underlying infrastructure, though they are logically separated.

10 Troy Benohanian, “The Business Case For Cloud Computing”, http://blog.inm.com/index.php/2009/05/19/the_business_case_for_cloud_computing.

11 FY2010 Federal Budget, Analytical Perspectives, Cross Cutting Programs, http://www.whitehouse.gov/omb/budget/fy2010/assets/crosscutting.pdf.

12 National Business Center, Department of Interior, “Federal Cloud Playbook”, August 2009, http://cloud.nbc.gov/PDF/NBC%20Cloud%20White%20Paper%20Final%20(Web%20Res).pdf.

13 Al Grasso, “Information Technology Acquisition – A Common Sense Approach”, The MITRE Corporation, March 2009, http://www.mitre.org/work/tech_papers/tech_papers_09/atl/.

14 National Archives, “Frequently Asked Questions about Records Management”, http://www.archives.gov/records-mgmt/faqs/general.html.

15 Geoff Raines, “Service Oriented Acquisitions”, The MITRE Corporation, April 2009.

16 Geoff Raines, “Service Oriented Acquisitions”, The MITRE Corporation, April 2009.

17 GSA, Request For Quote, Statement of Work #17914883, “U.S. Federal Cloud Computing Initiative.”

18 GSA, “Cloud IT Services”, https://www.apps.gov/cloud/advantage/cloud/category_home.do?BV_SessionID=@@@@0734724691.1267641522@@@@&BV_Engine ID=ccciadejkfdmjefcflgcefmdgfhdgji.0&c=IA.

19 Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing” http://radlab.cs.berkeley.edu/, February 10, 2009.

20 “Open Virtualization Format”, http://www.vmware.com/appliances/getting-started/learn/ovf.html].

21 Amazon Elastic Compute Cloud Getting Started Guide (API Version 2009-04-04), http://docs.amazonwebservices.com/AWSEC2/2009-04-04/GettingStartedGuide/.

22 Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/#pricing.

24 Cloud Computing 23 Google App Engine, Billing and Budgeting Resources, http://code.google.com/appengine/docs/billing.html.

24 Google, “Google Accounts”, https://www.google.com/accounts/NewAccount.

25 Amazon.com, “Amazon Elastic Compute Cloud Getting Started Guide (API Version 2009-04-04)”, http://docs.amazonwebservices.com/AWSEC2/2009-04-04/GettingStartedGuide/.

26 Preethi Dumpala, “Microsoft’s Cloud Pricing In Line With Google’s, Amazon’s”, http://www.businessinsider.com/microsoft-azure-vs-google-app-engine-vs-amazon-web-services-2009-7.

27 Salesforce.com, “Salesforce Pricing and Additions”, http://www.salesforce.com/crm/editions-pricing.jsp.

28 Windows Azure Platform, “Register for Azure Services”, http://www.microsoft.com/azure/register.mspx.

29 Amazon.com, “AWS Premium Support”, http://aws.amazon.com/premiumsupport/#overview.

30 Salesforce.com, “Cloud Computing Model and Pricing”, http://www.salesforce.com/platform/platform-edition/.

31 Windows Azure Platform, “Register for Azure Services”, http://www.microsoft.com/azure/register.mspx.

32 Google.com, “Google App Engine”, http://code.google.com/appengine/downloads.html#Google_App_Engine_SDK_for_Java.

33 Amazon.com, “Amazon Elastic Compute Cloud (Amazon EC2) Pricing”, http://aws.amazon.com/ec2/#pricing].

34 Amazon.com, “Amazon Elastic Compute Cloud (Amazon EC2)”, http://aws.amazon.com/ec2/].

35 Google, “Google App Engine, Billing and Budgeting Resources”, http://code.google.com/appengine/docs/billing.html.

36 Amazon.com, “Amazon Elastic Compute Cloud (Amazon EC2) Transferring Large Amounts of Data”, http://aws.amazon.com/s3/#importexport.

37 Michael Armbrust et al., “Above the Clouds: A Berkeley View of Cloud Computing”, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf.

38 Steve Lawson, “Amazon S3 lets customers ship big data”, http://www.macworld.com/article/140739/2009/05/amazon_cloud.html.

39 Stan Schatt, Giga Information Group, Inc., “Best Practices: Global Server Load Balancing”, 2003.

40 Network World, October 5, 2009, http://www.networkworld.com/news/2009/100509-pentagon-cloud-computing.html?page=2.

41 Google, “Grow Your App Beyond Free Quotas”, http://googleappengine.blogspot.com/2009/02/new-grow-your-app-beyond-free-quotas.html.

42 Amazon.com, “Amazon Elastic Compute Cloud (Amazon EC2)”, http://aws.amazon.com/ec2/.

43 DISA, “Rapid Access Computing Environment”, http://www.disa.mil/race/.

A Decision Process for Applying Cloud Computing in Federal Environments 25 44 Network World, October 5, 2009, http://www.networkworld.com/news/2009/100509-pentagon-cloud-computing.html?page=2.

45 Cloud Computing Journal, “DISA Opens DOD Cloud”, October 7, 2009, http://cloudcomputing.sys-con.com/node/1136332.

46 National Business Center, Department of Interior, “Federal Cloud Playbook”, August 2009, http://cloud.nbc.gov/PDF/NBC%20Cloud%20White%20Paper%20Final%20(Web%20Res).pdf.

47 Cloudbook.net, “National Business Center (NBC) Cloud Computing”, http://www.cloudbook.net/nbc-gov.

48 NASA, “NASA’s Cloud Computing Platform”, http://nebula.nasa.gov/.

49 NASA, “NASA Nebula blog”, http://nebula.nasa.gov/blog/2009/nov/how-eucalyptus-enables-ec2-compatibility-with-nebu/].

50 CloudBook.net, “NASA Nebula”, http://www.cloudbook.net/nebula-gov.

51 Ibid.

52 NASA, “Nebula Services”, http://nebula.nasa.gov/services.

53 VMware, “Open Virtualization Format”, http://www.vmware.com/appliances/getting-started/learn/ovf.html.

54 Matt Stansberry, “Data Center Locations Ranked By Cost”, http://searchdatacenter.techtarget.com/news/article/0,289142,sid80_gci1204203,00.html].

55 Ibid.

56 Generator photo credit: Terremark Worldwide, Inc.

57 VMware, “Virtualization Products for Cloud Computing”, https://www.vmware.com/products/product_index.html.

58 Apache, “Welcome to Apache Hadoop”, http://hadoop.apache.org/].

59 Google, “MapReduce: Simplified Data Processing on Large Clusters”, http://labs.google.com/papers/mapreduce.html].

60 3tera, “Cloud Computing Without Compromise”, http://www.3tera.com/?_kk=3tera%20applogic].

61 Lawrence Pizette et al., MITRE, 2009.

26 Cloud Computing MITRE www.mitre.org ©2010 The MITRE Corporation All Rights Reserved Approved for Public Release Distribution Unlimited Case Number: 10-1070 Document Number: MTR100092 MITRE www.mitre.org