Cloud Computing in Government: A Progress Report, moderated by Robert Ames of IBM
Panelists:
- Doug Bourgeois, Director, National Business Center, Dept. of the Interior
- Casey Coleman, CIO, GSA
- William (Bill) Turnbull, Associate CIO for Advanced Technology and Systems Integration, Department of Energy
Robert Ames of IBM opens, sets context for panel and quips on the 4th Cloud Delivery model, “Hype as a Service”, via David Vap.
Casey Coleman, opens saying hard to give progress report at this early stage, but there is a lot of momentum for cloud computing in the government. A big part of that momentum is the recently launched Apps.gov site.
Goals of CIO Council and Apps.gov work: establish governance, procurement Leadership, technology innovation, Implementation and adoption, enable sustainable and cost-effective computing, operate as a service provider, and conduct outreach activities.
Doug Bourgeois of the National Business Center is up next. National Business Center is a service provider to other government agencies. Doug begins with starting point operational challenges: security, infrastructure sprawl (datacenter growth containment), limited flexibility/adaptability to change.
How to overcome this: 1. security program, 2. service-oriented architecture to add standardization, interoperability and business process management into organization, 3. virtualization 4. dual data center (risk management, failover). These provided preparedness.
Made business decision to employ cloud technology, refer to their cloud site for more information, including roadmap (pdf).
Now, William Turnbell of the Department of Energy. DOE’s efforts include (1) data center virtualization, (2) private clouds (Argonne National Lab, Lawrence Berkeley National Lab, National Renewable Energy Lab (green focus)), (3) business applications and (4) research areas: security, HPC, authentication in the cloud.
William states that not all applications are suitable to general purpose clouds. Experimenting with different private cloud approaches to suit different business needs, including high performance computing.
Q: Biggest Challenges?
Doug: Challenges that rise to top: Governance model for the cloud. From roles and responsibilities from security standpoint. Shared multi-tenancy model, who decides, who pays, when it is time to upgrade. (This is private cloud issue).
Federal government is moving more quickly than OEM suppliers. OEM (software) licenses are not very cloud friendly.
Casey: Security is big challenge that people talk about. Not comprised security, but a different approach is required.
Apps.gov changes purchasing model. Right now, need purchasing authority to participate. But, it could (eventually) move to the users of applications and IT services in federal government. Would need to change purchasing model, authorities and governance.
William: Not all applications move smoothly to the cloud. Some require re-writing, this is a significant challenge.
Opened to Audience Q&A
Q: Audience question directed at Doug, why did NBC build out the infrastructure, when it could have been commercially acquired?
Doug: Didn’t implement a bunch of new infrastructure to implement cloud, moved existing infrastructure to cloud, added virtualization, management controls: provisioning, metering etc. The decision was based on economy of scale. Leveraged existing investment, able to spread that investment out to greater number of consumers (agency support).
Q: Culture Issues?
Casey: Disruptive technology adoption always has culture issues. Early uses are collaboration and commodity IaaS. As move to mission critical support, there will be more private cloud adoption.
Q: Security/Risk
Doug: Mission is sensitive but unclassified information (personally identifiable information). Implementing 3 security zones, dev/test, production, PII.
Q: NASA with Nebula is creating an open source cloud. What is the role of open source in your agencies?
William: Open source can be looked at as another competitor. Run TCO models on both commercial and open source offerings. Key that there is a community supporting the open source software (project).
Doug: Looked at from economic perspective. Viable from risk perspective. Are using some open source products at O/S level.
Robert Ames, IBM: Notes really interesting / innovative work going on in the open source community, such as Hadoop.
Q: Can existing datacenter assets be used to create IaaS services? Especially, with efficiency gains of virtualization etc. What happens to underlying assets?
Casey: Enormous legacy datacenter investment. Great question. Are currently asking themselves how this can be repurposed. Some newer assets and applications may be candidates to be IaaS providers. But some older assets and applications may never be cloud friendly, cloud ready.
Q: Low hanging fruit / general characteristics of good cloud candidates? Hybrids models (mix of public and private clouds)?
Doug: Can be very theoretical question / answer. Best advice is to look at commodity stuff, things with low security model, things with low interoperability requirements.
Casey: USA.gov citizen portal is moved to a cloud solution. Cost savings approx 75%. Another high potential area is email and collaboration. Agency requirements are similar.
William: Collaboration is one area.
Q: Working with communities?
All of the panelists mentioned working on security models, and working with researchers on security models. Robert Ames added information sharing, agencies who use / require the same information, and opportunities for new findings (disease prevention) via access and updates to a shared information source.
Q: Apps.gov and IaaS, will there be agency offerings, such as NBC, with commercial offerings?
Casey: Good question. Very early stages right now. Could evolve to a competitive marketplace over time.
Q: Platform as a Service?
Casey: Interesting aspect is that government applications developed on a government provided PaaS could then be shared amongst other government agencies, the IP would be a public asset. Robert points out this could be “jumpstart for innovation”. Both Casey and Doug agree.
Q: What about compliance issues like HIPAA and Sarbanes Oxley?
Casey: Great many compliance issues. For example, agency video on YouTube also needs to be agency website where it is captioned. So, compliance is about the offering (video), not necessarily the delivery platform (YouTube).
Doug: Cloud users have a responsibility, nothing (technical) prevents them from bringing HIPAA type data to non-compliant platform, so there needs to be education, governance and communication.
In Closing…
Doug: Try it, start small, low risk.
Casey: Despite hype, cloud is real. Reduce friction, increase capability delivery.
PDF 
