Open Source in the Cloud

Moderator: Pete TseronisSenior Advisor, U.S. Department of Energy

Panelists: Mark RylandNational Standards Officer, Microsoft

Dr. David McQueeneyVice President, Technology and Stratey, Chief Technology Officer, IBM Federal

Brian StevensChief Technology Officer and Vice President, Engineering, Red Hat

Henry SienkiewiczTechnical Program Director, Computing Services Directorate, Defense Information Systems Agency

Open Sourcein the Cloud

Mark Ryland

National Standards OfficerMicrosoft

Dr. David McQueeney

Vice President, Technology and StrategyChief Technology OfficerIBM Federal

GOSCON, 2009Some Thoughts on Open Source and the Cloud

Brian StevensRed Hat CTO, VP Engineering05 November 2009

DECODING THE STATE OF THE CLOUD

the signal-to-noise ratio is a tad low

WHY SHOULD A USER CARE?

Because they can Quickly deploy applications and services Eliminate the need to procure and manage hardware Pay only for what they consume Scale up and down as they need Deploy an app, anywhere, any time (internal or on-premise, physical to bare metal)

THE ROLE OF OPEN SOURCE

Accelerating cloud capability and adoption by

Federating the technology to eliminate barriers for cloud providers Opening APIs and code to millions of researchers and developers to advance the technical obstacles of security, migration, etc. Serving as the de facto standard for ensuring rich interoperability and compatibility between clouds

THE OPEN SOURCE ROADMAP FOR CLOUD ENABLEMENTDefining the future for open source cloud infrastructure:

Linux as the Hypervisor (Linux/KVM) - http://kvm.qumranet.com/ Cloud Abstraction Layer - http://deltacloud.org Virtual Compute Node API – http://libvirt.org/ Identity and Authentication Server - http://freeipa.org Application Orchestration- http://www.redhat.com/mrg Security Hardening - http://www.selinuxproject.org/SVirt Appliance Builder: http://thincrust.org

bstevens at redhat dot com

17

•Network Services•Program Executive Offices•Computing Services

17

Defense Information Systems Agency: Vision & Mission

Vision

Leaders enabling information dominance in defense of our Nation

MissionDISA, a Combat Support Agency, engineers

and provides C2 capabilities and enterprise infrastructure to continuously operate and defend a global net-centric enterprise in

direct support to joint warfighters, National level leaders, and other mission and

coalition partners across the full spectrum of operations

18

Defense Enterprise Computing Centers (DECC)

• 4,000,000+ users

• 2,900+ team members

• Defense Working Capital Fund (DWCF)

• 14 facilities

• 445,000 sq ft raised floor

• 34 mainframes

• 6,100 servers

• 3,800 terabytes of storage

• 2,800 application / database instances

• 215 software vendors

Maintenance

Command and Control

Medical

Logistics

Financial

19

Building the Cloud Foundation

• Innovative Services Contracts– Acquire processing & storage capacity as a

service provided by vendor partners– Pay much like a homeowner pays for utilities,

e.g., by megawatt-hours, BTUs, call-minutes, CPU-hours consumed

• Benefits– Reduces time to add capacity– Reduces overhead– Simplifies our cost drivers– Streamlines operating system– management– Facilitates technological currency

Capacity on Demand VirtualizationWhy? Many benefits:

• Consolidation– Reduces footprint

• Deployment – Eases provisioning of new workloads

• Agility – Increases support for changing workload demands and fail-over situations

• Protection – Lowers barriers to disaster recovery• Savings

– Fewer machines means fewer administrators, less power, floor, space, and cooling• Utilization – Enables multiple systems to run on high-

performance hardware• Price

– Reduces the cost of service delivery and lowers the total cost of ownership

14-day turnaround (average) 29% virtualized across DECC enterprise

20

“The Cloud”

What’s new?

A style of computing where massively scalable (and elastic) IT-related capabilities are provided “as a service” to customers

using Internet technologies.

Acquisition Model: Based on purchasing

of services

Source: Gartner

Business Model: Based on pay for use

Access Model: Over the network to ANY

device

Technical Model: Scalable, elastic,

dynamic, multi-tenant, & sharable

Computing As A Service

21

DISA Cloud Services Portfolio

Platform/Infrastructure-as-a-Service

Software-as-a-Service

Data-as-a-Service

GCDS

Content Delivery

RACE

Compute/Store

Forge.mil

Software Development

22

Rapid Access Computing Environment (RACE)

Development/Test24-hour automated provisioningCustomer root accessAbility to promote from Dev to TestStandard CSD Operating EnvironmentsMinimized and streamlined accreditationIncrease capacity ~ 24 hoursMonth-to-month serviceReduced cost

1 October 2008

Production• User self-service provisioning

within the PRODUCTION environment

• Ability to promote from test to production

• Streamlined/Automated accreditation

• Pre-established inherited IA controls

Today

• SIPRNet deployment• Complete integrate accreditation

automation processes • Continue to refine RACE Portal• Interface with Forge.Mil Projects• Complete integration with DISA

standardized configuration management system (BladeLogic)

FY10 Initiatives

User Self-Service ~ Highly Standardized ~ Cost Effective ~ Fast

23

RACE User Interface

24

Application Accreditationin RACE

Test & Development

Promote to Production

• Path-to-Production Execution Process– Streamlined and automated IA C&A– Standard process for customer– Accreditation time reduced from 80+ days to 40

days – End state objective of 7 days for C&A

• eMASS: Enterprise Mission Assurance Support System (eMASS) :– Automates the creation of select DIACAP artifacts– Populates DISA’s inherited controls into the

workflow process– Provides customer an advanced, dynamic

workflow management tool

25

● The Global Information Grid (GIG) Content Delivery Service (GCDS): – DoD OSD designated standard for content delivery service – Managed by the Defense Information System Agency (DISA's) Computing Services

Directorate (CSD). – GCDS is a global platform

● Uses Akamai™ technology, that provides intelligent routing and caching of web-based content.

● Interfaces with web-based applications and portals. ● Requires the local system be configured to allow GCDS to handle

communications between it and the Defense Information Systems Network (DISN).

GIG Content Delivery Service (GCDS)

DISN CLOUD ARMY NAVY AIR FORCE MARINES DoD Pending TOTAL

NIPRNET 3 9 3 0 9 2 26

SIPRNET 3 0 1 2 16 6 28

TOTAL 6 9 4 2 25 8 54

As of Sept 2009

26

Applications-As-A-Service: Forge.mil (Software Development)

● Public: Freely available to all DoD users● Shared: All DoD users can access the same code development environment for DoD open

source and community source software● Available: General availability on March 27, 2009

● Common evaluation criteria and an agile certification process to accelerate the certification of reusable, net-centric solutions

● Limited Operational Availability: October 2009

● Private: Allows a closed development environment for DoD projects and programs● Fee-for-service ● Availability: October 2009

DoD’s Software Development Life Cycle

•The logical process used to develop an information system•Includes requirements validation, training, and user ownership•Works like a library – Code checked out, worked on, & checked in

Analysis Design

Implementat ion

MaintenancePlanning

Systems Development Life Cycle (SDLC)

Forge.mil “Bits & Pieces”

•First standardized approach to an enormous problem •Proven development model •Based on the open source community’s approach

DoD SDLC

27

Forge.mil and RACE:Accelerating the Path to Production

DevelopersTestersUsersCertifiersDecision Authorities

Dashboard, Reporting & Monitoring

Build Libraries & Code Repositories

Development Zone

Development Zone

T&E ZoneT&E Zone

Production ZoneProduction Zone

Cloud Test & Certification

Services

Cloud Test & Certification

Services

Implementing the plat form and services to support evolving governance processes and standards

28

Challenges and BarriersCurrent

● Balancing Security and Usability– User Validation– Virtualization; servers, firewalls, networks– Access

● Business processes– Flexible funding; credit cards, speeding MIPR process

● Cultural inertia– Sharing the vision– Convincing “Box Huggers”

● Controlling expectations– “Why can’t it…..”

Future● Security optimization

– “Shared” accreditation– Validation of customer applications– Integrating Software as a Service– Accessing federated and shared services– Varying interpretations of security guidelines

● Business streamlining– Each Service and Agency has unique processes– Funding hurdles – Capital (Procurement) vs. Operating

29

Develop Within The Decision Cycle ● Our strength is in our ability to make

decisions better and faster than adversaries

● Web 2.0 technologies accelerate this cycle

● Software development has to keep up

Military Decision Making Cycle

Orient

Decide

Act

Observe

6 Months

24 Hours

6 Months

Days

Procure Code CertifyTotal Time toProductionRequirement

Traditional Approach

Cloud Approach

3-6 Months

Test6-12 Months

2-6 Months

18-24 Months

30

31

Backups

32

Enabling the Cloud Environment

Infrastructure– Standardization – Consolidation– Capacity Services – Virtualization– Content Delivery – Rapid Provisioning

Services– Software (SaaS)– Applications– Communications

Processes– Metrics & benchmarking – ITIL – Service Level Management (SLM)– Security (Certification & Accreditation

(C&A))

It’s A Journey

33

Consolidations and Savings

1990 1993 1998 2005

Service/ Agency consolidation under DMRD

924

• Reduced number of mainframe sites from 194 to 71

• Saved $320M/year

DISA Megacenter

consolidation – DMRD

918/BRAC

• Reduced number of mainframe sites from 71 to 16

• Saved $206M/year

DISA “SMART” consolidation

under QDR and DRI

• Reduced mainframe sites from 16 to 5

• Saved $203M/year

DISA combat support

computing transformation

• Mainframe & Server consolidation

• 4 primary sites w/ remote system mgmt

• Centralized all business functions

• Saved $143M/year

Continuing computing

transformation

2005

• Reduced sites from 18 to 13

• Saved $XXXXM/year

34

Forge.mil: Agile Development Environment

Building an Agile Development Environment for the DoD

● Collaborative environment for enabling agile software development and reuse

● Integration with the RACE Cloud to enable a continuous integration approach– Automate system build processes – Automate testing

● Deliver existing DoD tools and services into the cloud● Code analysis, unit testing, build testing, performance testing, interoperability testing, IA testing

● Expand the “Sandbox”– Integration with test networks and development labs– Incorporate simulations and sandbox versions of production services

● Streamline and automate the deployment governance processes – Enable dynamic execution of GIG Governance policies and procedures

35

Lessons Learned● Recommendations:

– Understand that it’s a journey – Recognize that the infrastructure fundamentals matter – Know your “marketplace” – recognize that this is a different

marketplace than normal IT operations– Clearly define the marketplace offering – Adjust the launch to satisfy requirements not timelines ensure– Engage with the software developers much earlier in the design

● What critical success factors?:– Which portion of cloud computing? – How will you define and measure the return on value analysis? – How will you define and measure the return on investment

analysis?

36

-200%

0%

200%

400%

600%

800%

1000%

1200%

1400%

1600%

1800%

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011

Computing Technology & DECC EvolutionA Combat Support Agency

Percentage Change

Mainframe Processing

IBM & UNISYS platforms

Centralized database processing

Full data replication (since FY00)

Silos Virtual Tape Systems

Distributed Processing

Client-Server solutions

Internal storage Storage Area Networks (SAN)

Enterprise resource Planning (ERP) implementations

Cloud Computing

Server Virtualization

Services- based acquisitions

Dynamic provisioning

Utility pricing

1994-2002

Storage Workload

Server Workload

Cost

Continuous DECC consolidations and transformations have yielded significant reductions in unit cost

1994-2002 20082002-2008

Panel Discussion

Questions?

Tell us what you think: Complete the survey